Lucene search
K

257 matches found

OSV
OSV
added 2025/08/14 4:18 a.m.4 views

MAL-2025-6870 Malicious code in @angular_devkit/build-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 053dbd5b72c824b5644482986fcc9a5caca48fcbe447f90f957e420418f2bcb4 The OpenSSF Package Analysis project identified '@angulardevkit/build-webpack' @ 99.1.1 npm as malicious. It is considered malicious because: -...

7.3AI score
Exploits0
OSV
OSV
added 2025/08/09 2:35 p.m.3 views

MAL-2025-6810 Malicious code in badger-doc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 102e103c2148dd46b3b7b80cbf9641deea29213407e46ee74af433da247bd9ef The OpenSSF Package Analysis project identified 'badger-doc' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSV
OSV
added 2025/08/09 2:24 p.m.4 views

MAL-2025-6813 Malicious code in hcs-image-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 28a35db26dad04831df161435cbbf5343e242f3ebc2fe7764b3feadd1926646c The OpenSSF Package Analysis project identified 'hcs-image-viewer' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/09 11:12 a.m.7 views

Malicious code in @sangith/newrelic (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df1e3a9bd21e4d7ca6ae9595850002d67806ca9fd408d068bad6ce3a8a4c2dbf The OpenSSF Package Analysis project identified '@sangith/newrelic' @...

7.1AI score
Exploits0
Circl
Circl
added 2025/08/08 11:51 p.m.18 views

CVE-2025-55188

creationtimestamp| type| source ---|---|--- 2025-08-08 23:51:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvwgzkd4xl2d 2025-08-09 20:16:03+00:00| seen| https://seclists.org/oss-sec/2025/q3/82 2025-08-09 22:51:21+00:00| seen|...

3.6CVSS6.9AI score0.00692EPSS
Exploits2References42
Circl
Circl
added 2025/08/08 10:24 a.m.11 views

CVE-2025-55014

creationtimestamp| type| source ---|---|--- 2025-08-08 10:24:28+00:00| seen| https://seclists.org/oss-sec/2025/q3/81 2025-08-13 03:49:46+00:00| seen| https://bsky.app/profile/thecascading.bsky.social/post/3lwawa53r2h2d...

4.7CVSS4.8AI score0.00377EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/02 11:0 a.m.5 views

Malicious code in undeface-test-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 69c9b501034a030dc669fcc1ae2026db2508367cac00b2b2b7e4d8df0a78ad7e The OpenSSF Package Analysis project identified 'undeface-test-2' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 10:45 p.m.16 views

Security Bulletin: IBM Aspera Faspex is affected by open-source related vulnerabilities and unauthorized actions from authenticated users

Summary IBM Aspera Faspex has addressed vulnerabilities related to denial-of-service, inefficient code execution under specific conditions, and unintended traffic routing. The 3rd party vulnerabilities are for very specific use cases that are not necessarily exposed through Faspex. Additionally,...

8.7CVSS7.6AI score0.00911EPSS
Exploits2Affected Software6
Rockylinux
Rockylinux
added 2025/07/29 1:38 p.m.4 views

mod_security security update

An update is available for modsecurity. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list ModSecurity is an open source intrusion detection and prevention engine f...

7.5CVSS7.7AI score0.00586EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/07/23 9:28 a.m.9 views

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to...

7.4AI score
Exploits0
NVD
NVD
added 2025/07/17 2:15 p.m.10 views

CVE-2025-53946

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the idfuncionario parameter of the /html/saude/profilepaciente.php endpoint. This vulnerability allows attacker to...

9.4CVSS0.00371EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/10 5:1 p.m.5 views

Malicious code in nbastatsleftnav (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 514ea2a983874eb46d5517a63e127b2503b1f9a0dc1ffa0a726e5f1dbd7559b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Circl
Circl
added 2025/07/08 3:2 p.m.8 views

CVE-2025-46334

creationtimestamp| type| source ---|---|--- 2025-07-08 15:02:11+00:00| seen| https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/ 2025-07-08 15:11:31+00:00| seen| https://seclists.org/oss-sec/2025/q3/13 2025-07-08 15:56:31+00:00| seen|...

8.6CVSS6.7AI score0.00261EPSS
Exploits0References3
Circl
Circl
added 2025/06/17 6:3 p.m.15 views

CVE-2025-6018

creationtimestamp| type| source ---|---|--- 2025-06-17 18:03:49+00:00| seen| https://seclists.org/oss-sec/2025/q2/261 2025-06-18 05:02:08+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lrua5yfpii2g 2025-06-18 06:56:58+00:00| seen|...

7.8CVSS8.3AI score0.00957EPSS
Exploits13References58
OSV
OSV
added 2025/06/15 1:45 p.m.4 views

MAL-2025-4961 Malicious code in automated-native-creatives (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0108e88450eb534afdbdfd274f6737a7507f4a7915230a113296f63a2a2163fd Any computer that has this package installed or running should be considered...

7.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/11 1:21 p.m.7 views

CVE-2025-48877

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...

9.8CVSS6.7AI score0.00348EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2025/06/09 12:0 a.m.18 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS...

9.1CVSS8.3AI score0.00778EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/05 4:9 p.m.11 views

Important: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

7.5CVSS7.4AI score0.00586EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/06/03 6:14 a.m.12 views

tar-fs can extract outside the specified dir with a specific tarball

Impact v3.0.8, v2.1.2, v1.16.4 and below Patches Has been patched in 3.0.9, 2.1.3, and 1.16.5 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...

8.7CVSS6.7AI score0.00474EPSS
Exploits0References6Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/31 3:32 p.m.7 views

Malicious code in @seo-frontend-components/card-blog-carousel-mobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1eaa599a9c0235a5d52b5534f4177883c03e7ae19496ef98593fadfc3a7ccef8 The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel-mobile' @ 1.999.2 npm as malicious. It is considere...

7.2AI score
Exploits0
Rows per page
Query Builder