Lucene search
K

798 matches found

NVD
NVD
added 2026/07/01 3:16 p.m.8 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS0.00055EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:7 p.m.39 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:7 p.m.6 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 11:4 p.m.10 views

MAL-2026-6423 Malicious code in leo-connector-elasticsearch (npm)

The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/23 4:17 p.m.9 views

CVE-2026-56402

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

7.1CVSS0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 2:39 p.m.7 views

CVE-2026-42089

A flaw was found in Yeoman Environment. This vulnerability allows an attacker to install arbitrary packages and execute code during command-line interface CLI bootstrap. This occurs because the software installs missing local generator packages from caller-supplied names without user confirmation...

8.6CVSS6.1AI score0.00139EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/16 4:15 p.m.30 views

CVE-2026-42089 yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS0.00139EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 4:15 p.m.25 views

CVE-2026-42089

The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References3
OSV
OSV
added 2026/06/16 4:15 p.m.5 views

CVE-2026-42089 yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS6.4AI score0.00139EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 7 : PackageKit (RHSA-2026:22146)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22146 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in awaitly-libsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b990b0b3ddf0eb2fbfe64fc70090459960085e3268df5cbdd1a86f958f69448e No concrete installer-harm signals were identified in this package version. The package name combines 'awaitly' and 'libsql' a well-known SQLite-fork...

6.1AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in autotel-aws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e356eee42d8cb9a80967237c11de3358548389fe2e413f1bbc3fae630c7d28f8 No concrete installer-harm signals were identified in this package version. No lifecycle hooks fetching external code, no credential-path reads, no...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in autotel-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f318ba7cb2f7115530a39f61c409a81a0f2bf94aa552e4a0ac6a0b21570b822 No concrete installer-harm signals were identified for this package version. Coverage of the package contents was partial, so a definitive...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.17 views

Malicious code in autotel-subscribers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374da77433b452664266e009188064316b6defdcb0ee4b7e391a158a0a5ca6bf No concrete installer-harm signals were identified in this version of autotel-subscribers. There is no observed lifecycle script fetching remote...

6.1AI score
Exploits0References31
OSV
OSV
added 2026/06/05 12:53 a.m.15 views

MAL-2026-5199 Malicious code in @ethlete/contentful (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a13fdab1eac9b66fa0d57b62cbd19dfb84616946491165e61b6fd62692441ca The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5223 Malicious code in autotel-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2bbb2ac2e6e954090b85e740a9a10a8267429800107690dfbde310c0b3d9fc7 Pattern-based matches fired on the strings 'ping' and 'POST' co-occurring in the package's bundled output dist/index.cjs, dist/index.js,...

6.2AI score
Exploits0References31
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.21 views

Malicious code in @forjacms/sections (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5267 Malicious code in wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...

6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 2:57 a.m.14 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 2:47 p.m.17 views

Malicious code in crypto-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbb379240ef7e43770f6dab576919fa97bd23ffbb8d3e39b31fd656649335fd7 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

6AI score
Exploits0References2
Rows per page
Query Builder