251896 matches found
CVE-2026-6591
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
EUVD-2026-23735
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
PT-2026-33660
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder paths.get annotated filepath of the file folder paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has bee...
PT-2026-33831
Name of the Vulnerable Software and Affected Versions Flowsint affected versions not specified Description Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...
node-security-poc
No d...
Malicious code in chandan-module-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-41242 vulnerabilities
Vulnerabilities for packages: vitess, librechat, kibana, gemini-cli, kubeflow-centraldashboard, langfuse, pulumi, renovate, opentelemetry-auto-instrumentations-node, jitsucom-jitsu, langfuse-fips...
Malicious code in react-spa-shadcn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0a6436d822911c9ab59cb73cdf9c25c0dfa562feb406fcfa450ad964418f89 The package react-spa-shadcn was found to contain malicious code. Source: ghsa-malware da9de249511ac32f8d560921d4da27724c126e29260a8fb7c4acb1da70c6b7...
Malicious code in pa-marked (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01d64e50dea2a8be10707dbd49869a6bcea570bf26829a1738ca2237882249 The package pa-marked was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2932 Malicious code in sy-editor-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cbd7c2056a09f76b9e73fbd0dae4370df9df455077146ae85b6b985b0394d4f The package sy-editor-v3 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @ataslkit/profilecard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efe1bf5f3d6ed3259b1ef3d48d73c3fd6368a50097725968869b551e73f828a The package @ataslkit/profilecard was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2924 Malicious code in cktool.core.internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95da3751f8d8f63d46e480fc465291ffa814ac0294663c1d3d62d6b4b40df73c The package cktool.core.internal was found to contain malicious code. Source: ghsa-malware...
Malicious code in cktool.api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28b7eb696757e668aa67a3d187943f553dce7298e27f7b47cb90022034ac9ba The package cktool.api was found to contain malicious code. Source: ghsa-malware d228f217a2a065caaf43db67d6cc7dc3c842a2bc821523c33e11456a1a7c0d4e Any...
MAL-2026-2922 Malicious code in cktool.api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28b7eb696757e668aa67a3d187943f553dce7298e27f7b47cb90022034ac9ba The package cktool.api was found to contain malicious code. Source: ghsa-malware d228f217a2a065caaf43db67d6cc7dc3c842a2bc821523c33e11456a1a7c0d4e Any...
Malicious code in cktool.internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35ec7e83cb03e16d3d408e617ad1c8a72dae84f6b8655f5439b1e5465e47fc The package cktool.internal was found to contain malicious code. Source: ghsa-malware fea6b6dafa01114874236a50b5923473307ac91ce0b6c562d3ccb2fa27e6af4...
MAL-2026-2918 Malicious code in apple-cloudkit-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cfcd7e5376478b86db5942e2492ae0763bad14dda004c55988edf420f5e62ce The package apple-cloudkit-internal was found to contain malicious code. Source: ghsa-malware...
Malicious code in ac-sasskit-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c88124eb460a9e33e146185720f25d78918a3b360c1e41d55889b0b392f7ef5f The package ac-sasskit-internal was found to contain malicious code. Source: ghsa-malware...
GHSA-XQ3M-2V4X-88GG vulnerabilities
Vulnerabilities for packages: vitess, librechat, kibana, gemini-cli, kubeflow-centraldashboard, langfuse, pulumi, renovate, opentelemetry-auto-instrumentations-node, jitsucom-jitsu, langfuse-fips...
GHSA-29X4-R6JV-FF4W Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients
A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...
Zebra has rk Identity Point Panic in Transaction Verification
rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...