Lucene search
K

39 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:54 a.m.10 views

Malicious code in use-context-selector-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.12 views

Malicious code in prisma-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/05/14 7:25 p.m.7 views

MAL-2026-3770 Malicious code in prisma-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...

5.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.7 views

NewStart CGSL MAIN 7.02 : wpa_supplicant Vulnerability (NS-SA-2026-0037)

The remote NewStart CGSL host, running version MAIN 7.02, has wpasupplicant packages installed that are affected by a vulnerability: - The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop...

7.4CVSS6.6AI score0.00716EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.25 views

FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...

9.8CVSS6.2AI score0.0058EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 3: compat-openssl10 (TSSA-2025:0443)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0443 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.4CVSS8AI score0.59501EPSS
Exploits0References2
OSV
OSV
added 2025/10/04 12:11 a.m.8 views

RLSA-2025:7937 Important: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName...

7.4CVSS7AI score0.59501EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-55010

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-3288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to...

4.3CVSS5.1AI score0.00642EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-9163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an...

7.5CVSS5.6AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/05/28 12:12 p.m.10 views

BIT-GITLAB-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS6.2AI score0.00356EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.7 views

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS6.4AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.8 views

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/05/23 1:15 p.m.5 views

UBUNTU-CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS5.8AI score0.00356EPSS
Exploits0References4
CVE
CVE
added 2025/05/23 12:31 p.m.48 views

CVE-2024-9163

GitLab CE/EE (versions 12.1–<17.10.7, 17.11–<17.11.3, 18.0–

7.5CVSS3.6AI score0.00356EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/23 12:31 p.m.3 views

CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

3.5CVSS6.3AI score0.00356EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/23 12:31 p.m.10 views

CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

3.5CVSS0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/23 12:31 p.m.9 views

CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

3.5CVSS6.4AI score0.00356EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/05/23 12:31 p.m.9 views

CVE-2024-9163

Removed by vendor...

7.5CVSS5.8AI score0.00356EPSS
Exploits0
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.5 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 17.10.7, 17.11.3, an...

7.5CVSS6.2AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder