Lucene search
+L

61 matches found

NVD
NVD
added 3 days ago10 views

CVE-2026-52888

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...

6.8CVSS0.00269EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago11 views

Malicious code in ai-pro-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b035f137addcf0118c3d042ece322d0fdde054e4ed283317d3b2adb309e38689 [email protected] is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/02 10:16 p.m.4 views

DEBIAN-CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score0.00597EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 9:19 p.m.24 views

CVE-2026-12413

The CVE-2026-12413 issue affects Libreswan’s pluto daemon and is triggered by an invalidly formatted IKEv2 fragment. The root cause is an off-by-one error in the assertion within reassemble_v2_incoming_fragments(), which can cause the daemon to abort when handling certain outer payloads that are ...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 9:17 p.m.15 views

Malicious code in patientdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56c5ab4dc6470deaebe29f4851edb91bc5d5704e9f9578a91e238490708c007b package.json declares a preinstall lifecycle script that runs wget --quiet...

6.2AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/06 8:3 a.m.156 views

Exploit for Use After Free in Redis

CVE-2025-49844 RediShell AI-made Revshell PoC Untested comple...

9.9CVSS6.4AI score0.86767EPSS
Exploits15
NVD
NVD
added 2026/03/31 2:16 p.m.8 views

CVE-2026-34156

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9CVSS0.36503EPSS
Exploits7References3
Cvelist
Cvelist
added 2026/03/31 1:33 p.m.30 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9CVSS0.36503EPSS
Exploits7References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.6 views

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 12:31 a.m.7 views

EUVD-2026-13844

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 12:16 a.m.6 views

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

7.7CVSS0.00151EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/09 3:30 p.m.6 views

EUVD-2025-208413

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...

6.2AI score0.00176EPSS
Exploits1References3
OSV
OSV
added 2026/03/06 7:16 p.m.7 views

AZL-79571 CVE-2025-69649 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS5.8AI score0.00256EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/06 7:16 p.m.3 views

CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

6.2CVSS6.3AI score0.00173EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/06 12:0 a.m.3 views

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS5.8AI score0.00256EPSS
Exploits1References2
NVD
NVD
added 2026/01/24 1:15 a.m.6 views

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

9.3CVSS0.00302EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/24 12:5 a.m.7 views

EUVD-2026-4613

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

9.3CVSS5.4AI score0.00302EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/02 9:31 p.m.8 views

EUVD-2025-200299

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...

9.3CVSS7.6AI score0.00628EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/11/26 12:0 a.m.175 views

📄 CAREL Boss / Boss Mini 1.4.0 Path Traversal

Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. ============================================================================================================================================= | Title : Boss...

9.8CVSS7AI score0.75387EPSS
Exploits6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2925

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00783EPSS
Exploits0References5
Rows per page
Query Builder