Lucene search

252644 matches found

OSSF Malicious Packages
added 2026/04/02 12:10 p.m., 2 views

Malicious code in vv-ftend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3096bbbc1b06c1a0df854ff812112a3d902b8a5c8926880c146f8b36e8497897 The package vv-ftend-core was found to contain malicious code. Source: ghsa-malware 31aa4449ee3c83b67dd8e118498746b83b9b02e0d8fe6c095f6d08f6c7a9b62e...

AI score: 5.9
Exploits: 0, References: 1
CVE
added 2026/04/02 11:40 a.m., 18 views

CVE-2026-23415

The CVE-2026-23415 issue affects the Linux kernel futex subsystem. A race occurs between futex_key_to_node_opt() reading vma->vm_policy under speculative mmap lock/RCU and mbind() calling vma_replace_policy(), which can free the old mempolicy via kmem_cache_free(). This leads to a use-after-fr...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00124
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/04/02 11:40 a.m., 3 views

CVE-2026-23415

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt and vma_replace_policy. During futex_key_to_node_opt execution, vma->vm_policy is read under speculative mmap lock and RCU. Concurrently, mbind may call vma_replace_policy which frees the old mempoli...

AI score: 5.7, EPSS: 0.00124
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2026/04/02 11:40 a.m., 3 views

CVE-2026-23415

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt and vma_replace_policy. During futex_key_to_node_opt execution, vma->vm_policy is read under speculative mmap lock and RCU. Concurrently, mbind may call vma_replace_policy which frees the old mempoli...

CVSS: 7.8, AI score: 5.4, EPSS: 0.00124
Exploits: 0
OSV
added 2026/04/02 11:28 a.m., 3 views

MAL-2026-2421 Malicious code in @mgcrae/pino-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31dc9253706aebd955016075e321d19d7dfc9b231882d7b24a6c932fa3dfa80 The package @mgcrae/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1
Positive Technologies
added 2026/04/02 12:0 a.m., 1 view

PT-2026-29722

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt and vma_replace_policy. During futex_key_to_node_opt execution, vma->vm_policy is read under speculative mmap lock and RCU. Concurrently, mbind may call vma_replace_policy which frees th...

AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 4
Positive Technologies
added 2026/04/02 12:0 a.m., 4 views

PT-2026-29941

Flannel has cross-node remote code execution via extension backend BackendData injection in github.com/flannel-io/flannel...

CVSS: 7.5, AI score: 6.4, EPSS: 0.02709
Exploits: 0, References: 5
Tenable Nessus
added 2026/04/02 12:0 a.m., 4 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16528)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16528 advisory. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link...

CVSS: 8.2, AI score: 6.6, EPSS: 0.00334
Exploits: 2, References: 2
Github Security Blog
added 2026/04/01 11:44 p.m., 7 views

NocoBase Has SQL Injection via template variable substitution in workflow SQL node

Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00406
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2026/04/01 11:44 p.m., 2 views

GHSA-VX58-FWWQ-5G8J NocoBase Has SQL Injection via template variable substitution in workflow SQL node

Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00406
Exploits: 1, References: 5
Snyk
added 2026/04/01 10:59 p.m., 5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the NGAP handover failure message processing. An attacker can cause the service to crash and disrupt connectivity for all users by forcing a gNodeB to send NGAP handover failure messages. Remediation Upgrade...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00317
Exploits: 0, References: 2
OSV
added 2026/04/01 10:19 p.m., 3 views

GHSA-35XM-QVJG-8M42 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

CVSS: 8.2, AI score: 6.3, EPSS: 0.00168
Exploits: 0, References: 5
Github Security Blog
added 2026/04/01 10:19 p.m., 5 views

dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

CVSS: 8.2, AI score: 6.3, EPSS: 0.00168
Exploits: 0, References: 5, Affected Software: 1
vulnersOsv
added 2026/04/01 9:19 p.m., 6 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34747 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34747 Source advisory: SNYK:JS-PAYLOAD-15873855...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00317
Exploits: 0
EUVD
added 2026/04/01 6:36 p.m., 3 views

EUVD-2026-17958

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00368
Exploits: 0, References: 4
Github Security Blog
added 2026/04/01 6:36 p.m., 8 views

Replicator deserializes untrusted user input

An unauthenticated Remote Code Execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

CVSS: 6.5, AI score: 6, EPSS: 0.00368
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2026/04/01 5:3 p.m., 4 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CVSS: 8.4, AI score: 5.7, EPSS: 0.00255
Exploits: 1, References: 1
RedhatCVE
added 2026/04/01 5:3 p.m., 4 views

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

CVSS: 9.2, AI score: 5.8, EPSS: 0.00725
Exploits: 0, References: 1
RedhatCVE
added 2026/04/01 5:3 p.m., 5 views

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00379
Exploits: 0, References: 1
Cvelist
added 2026/04/01 4:11 p.m., 23 views

CVE-2026-2265 Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

EPSS: 0.00368
Exploits: 0, References: 3