Lucene search
+L

62193 matches found

OSV
OSV
added 2026/06/19 2:46 p.m.9 views

GHSA-6RFW-MQ36-JM8H Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/09 12:13 a.m.11 views

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/03 2:36 a.m.7 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2520 more potentially affected by CVE-2026-34766 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34766 Source advisory: OSV:GHSA-9899-M83M-QHPJ...

5.4CVSS5.7AI score0.00162EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/06 6:36 p.m.7 views

@igea/oac_backend (>=1.0.35 <=1.0.115), @igea/oac_frontend (>=1.0.31 <=1.0.111) +12 more potentially affected by CVE-2026-30827 via express-rate-limit (=8.1.0)

express-rate-limit NPM version =8.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on express-rate-limit and may be impacted: - @igea/oacbackend =1.0.35, =1.0.31, =7.0.0, =2.0.0-test.19, =0.1.0, =0.29.0, =0.16.0, =0.42.0, =0.27.0, =0.42.0, =0.70.0,...

7.5CVSS5.7AI score0.00455EPSS
Exploits1
NVD
NVD
added 2026/03/05 10:16 p.m.14 views

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS0.00355EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.6 views

EUVD-2026-9897

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

7.5CVSS5.9AI score0.00355EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS5.8AI score0.00355EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.34 views

CVE-2026-28447 OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

8.1CVSS0.00355EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

7.5CVSS5.9AI score0.00355EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 9:59 p.m.13 views

CVE-2026-28447

OpenClaw 2026.1.29-beta.1 contains a path traversal flaw in plugin installation that lets crafted package names escape the extensions directory and write files outside the intended area when running the plugins install command. This affects OpenClaw versions prior to 2026.2.1. The issue is a high...

8.1CVSS5.9AI score0.00355EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-23526

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.20 through 2026.2.1 Description The software’s plugin installation process does not properly validate plugin package names, allowing attackers to write files outside the intended installation directory. Specifically,...

9.3CVSS5.8AI score0.00355EPSS
Exploits0References9
NVD
NVD
added 2026/02/06 10:16 p.m.10 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.16 views

PT-2026-6806

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the time tracking function where the application fails to properly handle HTML tags...

3.5CVSS5.7AI score0.00241EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in promise-jovian-cli-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7920e2648fd98b014ba6e5691d3aaa8d488968c54a9a951d7f0f09354f62de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in singularity-kuiperbelt-loopback-fermiparadox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1afa76f7fe37851e702aa99f703e08b3365b03f94bca78843a30a75678da27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in delphinus-tool-sync-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 309471f78b1f61e3fba41e092a36d4ae761dc2439a6686d82cea711c93a982ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in polaris-juno-taphonomy-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57aadb0c6fc2fa048e9640b5186c58a3bf3c7e138f166b104d24916c8d7d6286 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in zephyr-mongodb-wavefunction-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb6455e842bfed2e45795b6fa4955bfa999151b2b9d2cf8678f31179f7a042f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in entanglement-pino-lint-innercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bae11fcd1d834d151b4d2a4fabd47aea93d666ed6b8a38c767ddbcfe35e8ab8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in oauth-zenobia-mechatronics-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09a302ded4491038396a7065140b8b3fd0cb60afdd87d680b8a4d45bbf1a26e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder