Lucene search
K

2825 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago13 views

Malicious code in polymarket-kelly-math-stake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cf5ba9cd75b1a773e3a04e6eb45778894e04fd1d55b2e8ad03ae97deb41d16 [email protected] runs a postinstall script scripts/install-check.cjs that fetches a JSON config from...

6.3AI score
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in qlinforge (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713a696ce725031aab16903d7a29c80611a4c4368c7e35bacf29069a3581c602 setup.py registers a custom install command that, on Linux, downloads an opaque binary from http://115.190.124.243:9090/payloadlinuxamd64 to...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in playwrightr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e165b925f82629524e611c81597c32a171df7cec246dc73f268d8192ccbe2c5 setup.py registers a CustomInstallCommand that runs automatically on pip install under Windows. It uses WinHTTP via ctypes to fetch a binary from...

6.1AI score
Exploits0References5
NVD
NVD
added 6 days ago5 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS0.00488EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59261 OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS0.00192EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-59261

OpenClaw vulnerable before version 2026.5.28 due to a credential exposure where workspace dotenv files can override provider credentials. The issue allows attackers with lower-trust access to configured input paths to exfiltrate sensitive data and credentials meant for trusted boundaries. There i...

8.4CVSS6AI score0.00192EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-49098

A flaw was found in the Apache Camel Kafka Component. A remote attacker can exploit an improper input validation vulnerability by manipulating specific Kafka headers, such as kafka.OVERRIDETOPIC, when an HTTP consumer bridges into a Kafka producer. This allows the attacker to redirect messages to...

6.5CVSS6AI score0.00385EPSS
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-54601

CVE-2026-54601 affects FastGPT up to 4.15.0-beta4, where an authenticated tenant user can abuse POST /api/core/dataset/collection/create/reTrainingCollection to persist a server-owned datasetId from another tenant. This yields mixed dataset objects and downstream endpoints (dataset, collection, a...

6.3CVSS6AI score0.00246EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:29 p.m.34 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:29 p.m.12 views

CVE-2026-48954

CVE-2026-48954 affects Joomla! Core - Language Overrides. Root cause: improper validation allows a generic XSS in the language override feature. Impact per sources: high-severity issue (CVSS 4.0 base 8.4) with network access, requiring high privileges and passive user interaction; confidentiality...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 5:29 p.m.5 views

EUVD-2026-42059

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56227

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Improper validation in the language override feature allows for a generic Cross-Site Scripting XSS vector. XSS is a type of security flaw where malicious scripts are injected into truste...

8.4CVSS6.1AI score0.00147EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 9:36 a.m.32 views

CVE-2026-46588 Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:35 a.m.34 views

CVE-2026-46587 Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 a.m.12 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6.5CVSS0.00426EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00385EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 a.m.11 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

5.3CVSS0.00341EPSS
Exploits0References2
Rows per page
Query Builder