Lucene search
K

252644 matches found

OSV
OSV
added 2026/03/28 10:54 a.m.4 views

MAL-2026-2274 Malicious code in autoshipment-public-front (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/28 10:54 a.m.6 views

Malicious code in npmamzs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25a8c88c6c60c588983806906169ffad0a2a863d45482ac8e2740f320f7cb2ea The package npmamzs was found to contain malicious code. Source: ossf-package-analysis d494475ee013b73bb0df9b1f0533b2f169fb6feff4b7c3c282c3629588be4e...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/03/28 1:17 a.m.4 views

GHSA-48C2-RRV3-QJMP vulnerabilities

Vulnerabilities for packages: langfuse, argo-workflows, opensearch-dashboards, tileserver-gl-fips, opentelemetry-auto-instrumentations-node, saf, gitlab-rails-ce-fips, wazuh-dashboard, nextcloud-server, gitlab-rails-ce, vitess, prism, gemini-cli, langfuse-fips, lerna, redisinsight, semaphore,...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.4 views

SUSE CVE-2026-32751

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

9CVSS6.1AI score0.00796EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.8 views

SUSE CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.1AI score0.00469EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xxregdtparsegpio In...

5.5CVSS5.3AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-33896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not...

9.1CVSS6.6AI score0.00303EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability...

7.5CVSS5.8AI score0.0058EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accept...

8.1CVSS6.7AI score0.00338EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 10:29 p.m.8 views

OpenClaw: Silent privilege escalation via gateway shared-auth reconnect

Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 10:19 p.m.7 views

Zebra node crash — V5 transaction hash panic (P2P reachable)

--- Remote Denial of Service via Crafted V5 Transactions Summary A vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5 transaction that passes initial...

9.2CVSS6AI score0.00725EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/03/27 10:19 p.m.3 views

GHSA-QP6F-W4R3-H8WG Zebra node crash — V5 transaction hash panic (P2P reachable)

--- Remote Denial of Service via Crafted V5 Transactions Summary A vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5 transaction that passes initial...

9.2CVSS6AI score0.00725EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 10:16 p.m.7 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...

7.5CVSS0.00602EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/03/27 10:12 p.m.3 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.8AI score0.0058EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/27 9:52 p.m.5 views

CVE-2026-33896

A flaw was found in Forge also known as node-forge, a JavaScript implementation of Transport Layer Security TLS. The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...

7.4CVSS6.5AI score0.00303EPSS
Exploits1References5
CVE
CVE
added 2026/03/27 9:26 p.m.18 views

CVE-2026-33976

Notesnook stores attacker-controlled attributes from a source page into web-clip HTML during Web Clipper rendering. When a clip is later opened, Notesnook renders this HTML in a same-origin, unsandboxed iframe via contentDocument.write, allowing event-handler attributes (onload, onclick, onmouseo...

9.6CVSS6.5AI score0.00706EPSS
Exploits1References1Affected Software2
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS0.00303EPSS
Exploits1References8
NVD
NVD
added 2026/03/27 9:17 p.m.6 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS0.0058EPSS
Exploits1References9
NVD
NVD
added 2026/03/27 9:17 p.m.4 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS0.00339EPSS
Exploits0References17
Rows per page
Query Builder