Lucene search
K

8 matches found

NVD
NVD
added last week10 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 3:13 p.m.10 views

MAL-2026-6213 Malicious code in @bytemend/mfebus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...

6AI score
Exploits0References6
OSV
OSV
added 2026/06/11 7:28 a.m.12 views

MAL-2026-5608 Malicious code in claimora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:46 p.m.13 views

Malicious code in @sql-trigger/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39e37d95fb040c83277583e2bf90b56363f86360337f1c30e63c85eb56579ada The package advertises itself as a simple SQL helper but its main entry index.js is heavily obfuscated obfuscator.io string-array + RC4 + base64,...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/05/21 4:36 a.m.6 views

MAL-2026-4573 Malicious code in git-userhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/05/20 8:14 a.m.8 views

MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

5.9AI score
Exploits0References21
OSV
OSV
added 2026/04/03 3:30 a.m.1 views

GHSA-WC4H-2348-JC3P Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature

Summary Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body...

7.5CVSS6AI score0.00327EPSS
Exploits1References3
Metasploit
Metasploit
added 2025/12/09 6:55 p.m.376 views

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an MIPSLE payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

5.8AI score
Exploits0
Rows per page
Query Builder