Lucene search
K

62192 matches found

vulnersOsv
vulnersOsv
added 2026/05/09 12:13 a.m.9 views

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/03 2:36 a.m.7 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2520 more potentially affected by CVE-2026-34766 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34766 Source advisory: OSV:GHSA-9899-M83M-QHPJ...

5.4CVSS5.7AI score0.00162EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/06 6:36 p.m.7 views

@igea/oac_backend (>=1.0.35 <=1.0.115), @igea/oac_frontend (>=1.0.31 <=1.0.111) +12 more potentially affected by CVE-2026-30827 via express-rate-limit (=8.1.0)

express-rate-limit NPM version =8.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on express-rate-limit and may be impacted: - @igea/oacbackend =1.0.35, =1.0.31, =7.0.0, =2.0.0-test.19, =0.1.0, =0.29.0, =0.16.0, =0.42.0, =0.27.0, =0.42.0, =0.70.0,...

7.5CVSS5.7AI score0.00455EPSS
Exploits1
NVD
NVD
added 2026/03/05 10:16 p.m.12 views

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS0.00355EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS5.8AI score0.00355EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9897

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

7.5CVSS5.9AI score0.00355EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 9:59 p.m.8 views

CVE-2026-28447

OpenClaw 2026.1.29-beta.1 contains a path traversal flaw in plugin installation that lets crafted package names escape the extensions directory and write files outside the intended area when running the plugins install command. This affects OpenClaw versions prior to 2026.2.1. The issue is a high...

8.1CVSS5.9AI score0.00355EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.29 views

CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS0.00355EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

7.5CVSS5.9AI score0.00355EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.3 views

PT-2026-23526

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.20 through 2026.2.1 Description The software’s plugin installation process does not properly validate plugin package names, allowing attackers to write files outside the intended installation directory. Specifically,...

9.3CVSS5.8AI score0.00355EPSS
Exploits0References9
NVD
NVD
added 2026/02/06 10:16 p.m.6 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.13 views

PT-2026-6806

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the time tracking function where the application fails to properly handle HTML tags...

3.5CVSS5.7AI score0.00241EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in vortex-husky-sqlite-exobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90045f94e1d9d66252d467fa18357ac19aac151e5ea708173e4ac15adc8779ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in winston-kinetic-zenith-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33aea94bfb56e0007d05b76e2fd4429326a2eba7c08d4c4190df4b030c654c44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in global-upgrade-wolf-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f36eabf70e6a0498bc947c1d4011bf05f67eb39c3e4010c7ab28a2b04e317f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in nextjs-shelljs-centaurus-singularity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55363b3a5905f100f53657d0b726caa73dfb097b64c18ebd0409751dc343854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in sagitta-shelljs-halley-grunt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c27d14c78f0650cc9e36a6a09704b5376e65f49f575b3bcc650e67f28f0dbb37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.2 views

Malicious code in kronos-phoebe-kronos-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dc25b80229005403d5a869b7a5ab665719bb0043973fc6000c8f42696c5c624 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in callback-xanthus-astrochemistry-quantum-computing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e74905ae15aeed1f45edc675826a313007486a970d1f7ff6229b2fcc6ec21d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in miranda-postcss-blitz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea79ab04fc3a6ac4cbf5514fff31c3ed5fba441933ff5d9a861ea695d6fed4eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder