Lucene search
+L

26 matches found

OSV
OSV
added 2026/03/07 9:17 a.m.4 views

MAL-2026-1278 Malicious code in chat-xdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/03 4:5 p.m.10 views

Malicious code in telstra (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6ff467569b104f23ebbdc6ef58dec14795aaf14548185bd3b31886ecd9b8003 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.5AI score
Exploits0References1
OSV
OSV
added 2025/11/14 5:22 p.m.5 views

MAL-2025-191791 Malicious code in minemeld-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe7b8c00b3748b3fe38ffdf3bd69558abb58091ee3347d47003929976ceb457 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSV
OSV
added 2025/07/04 9:57 a.m.17 views

MAL-2025-191733 Malicious code in fonafx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...

7.2AI score
Exploits0References1
NVD
NVD
added 2024/04/16 12:15 a.m.18 views

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...

8.2CVSS8.3AI score0.00701EPSS
Exploits1References2
Spring Security Advisories
Spring Security Advisories
added 2024/04/16 12:0 a.m.42 views

Spring Framework 6.2.0-M1: Overriding Beans in Tests

Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state ...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2024/01/23 11:30 a.m.20 views

Rayder - A Lightweight Tool For Orchestrating And Organizing Your Bug Hunting Recon / Pentesting Command-Line Workflows

Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be executed. Rayder helps you automate complex processes, making it easy to streamline repetitive modules and...

8AI score
Exploits0References2
OSV
OSV
added 2023/12/15 2:45 a.m.38 views

GHSA-F6GV-HH8J-Q8VQ Named path parameters can be overridden in TrieRouter

Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...

4.2CVSS4.5AI score0.00638EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.8 views

JBXBuybackDelegate swap pathway always reverts unless slippage is set to 100%

Lines of code Vulnerability details Impact The swap pathway will never work and it will revert due to a validation error unless the user specifies a slippage of 100%. This would be extremely harmful as it would let users be targeted by MEV bots. Proof of Concept This is the pathway to payParams:...

6.6AI score
Exploits0
NVD
NVD
added 2021/10/05 9:15 p.m.30 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS0.01493EPSS
Exploits0References3
OSV
OSV
added 2021/09/28 11:17 a.m.2 views

SUSE-SU-2021:3244-1 Security update for shibboleth-sp

This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders bsc1184222...

7.1AI score
Exploits0References2
Veracode
Veracode
added 2021/07/26 9:26 a.m.35 views

Denial Of Service (DoS)

curl is vulnerable to denial of service. The SSL backend fails to secure the CURLOPTSSLCERT against current directory file overriding the keychain nickname specified, potentially resulting in the overriding the CURLOPTSSLCERT specified certificate and thus causing denial of service...

7.5CVSS2.8AI score0.0982EPSS
Exploits1References16Affected Software2
RedHat Linux
RedHat Linux
added 2020/09/30 6:42 a.m.128 views

Important: Red Hat Security Advisory: firefox security and bug fix update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.3CVSS6.9AI score0.01961EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2020/08/26 10:11 a.m.85 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.3CVSS7AI score0.01938EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/08/26 12:0 a.m.46 views

RHEL 8 : firefox (RHSA-2020:3559)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3559 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.3CVSS8AI score0.01938EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2020/08/26 12:0 a.m.33 views

RHEL 8 : firefox (RHSA-2020:3555)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3555 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.3CVSS8AI score0.01938EPSS
Exploits0References22
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.5 views

The vulnerability in the implementation of the grub_script_function_create() function of the Grub2 operating system allows a perpetrator to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the grubscriptfunctioncreate function, which is part of the Grub2 operating system loader, stems from an error in function overriding. This function is already being executed. Exploiting this vulnerability could allow a perpetrator to access confidential data, compromise data...

5.9CVSS6.8AI score0.00977EPSS
Exploits0References14Affected Software6
Prion
Prion
added 2020/01/23 3:15 a.m.11 views

Code injection

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...

5CVSS6AI score0.01814EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.75 views

Fedora 31 : php (2019-a54a622670)

PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...

9.8CVSS6.9AI score0.08818EPSS
Exploits5References7
Kitploit
Kitploit
added 2019/05/29 10:4 p.m.166 views

Wpbullet - A Static Code Analysis For WordPress (And PHP)

A static code analysis for WordPress Plugins/Themes and PHP Installation Simply clone the repository, install requirements and run the script $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt $ python wpbullet.py Usage Available...

7.4AI score
Exploits0References1
Rows per page
Query Builder