Lucene search
K

978 matches found

Chainguard
Chainguard
added last week7 views

CVE-2014-3608 vulnerabilities

Vulnerabilities for packages: openstack-nova-2025.2...

2.7CVSS5.9AI score0.0171EPSS
Exploits1
OSV
OSV
added 2026/06/30 12:0 a.m.2 views

OPENSUSE-SU-2026:11163-1 libxreaderdocument3-4.6.5-1.1 on GA media

These are all security issues fixed in the libxreaderdocument3-4.6.5-1.1 package on the GA media of openSUSE Tumbleweed...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:10 a.m.14 views

Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

5.8AI score
Exploits0References1
Chainguard
Chainguard
added 2026/06/16 2:17 p.m.14 views

CVE-2026-48522 vulnerabilities

Vulnerabilities for packages: netbox, openstack-placement-2025.2-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.1-fips, openstack-placement-2025.1-fips, openstack-placement-2026.1, openstack-horizon-2026.1-fips, openstack-horizon-2025.1-fips, airflow-postgres-fips,...

4.2CVSS6.1AI score0.00181EPSS
Exploits1
OSV
OSV
added 2026/06/16 12:0 a.m.4 views

OPENSUSE-SU-2026:11043-1 python313-distributed-2026.6.0-1.1 on GA media

These are all security issues fixed in the python313-distributed-2026.6.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS8.3AI score0.02876EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 12:0 a.m.3 views

OPENSUSE-SU-2026:10996-1 git-bug-0.10.1-6.1 on GA media

These are all security issues fixed in the git-bug-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.3AI score0.00295EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.16 views

Malicious code in gethandler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.14 views

Malicious code in getui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 12:0 a.m.5 views

OPENSUSE-SU-2026:10979-1 agama-web-ui-21+360.16caae772-44.1 on GA media

These are all security issues fixed in the agama-web-ui-21+360.16caae772-44.1 package on the GA media of openSUSE Tumbleweed...

9.2CVSS5.5AI score0.00848EPSS
Exploits1References2
OSV
OSV
added 2026/06/09 12:0 a.m.6 views

OPENSUSE-SU-2026:10982-1 graphite2-1.3.15-1.1 on GA media

These are all security issues fixed in the graphite2-1.3.15-1.1 package on the GA media of openSUSE Tumbleweed...

7.3CVSS5.4AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 12:0 a.m.7 views

OPENSUSE-SU-2026:10969-1 perl-IO-Compress-2.220.0-2.1 on GA media

These are all security issues fixed in the perl-IO-Compress-2.220.0-2.1 package on the GA media of openSUSE Tumbleweed...

7.3CVSS5.5AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/06/07 4:59 p.m.15 views

MAL-2026-5297 Malicious code in consumerweb-authflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acbd81f78a40f87b410799545f06c929bc7e7c3f552eeea06254416b3b9e0977 On npm install, the package's postinstall.js collects host identifiers via os.hostname, os.userInfo.username, os.platform, and the current working...

5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44786

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.02219EPSS
Exploits0References16
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/27 7:15 p.m.17 views

Malicious code in @polka-ui/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 3:54 p.m.9 views

CLSA-2026-1779465287 Update of tomcat

Bump leading release to maintain monotonic rpm-version ordering in the AlmaLinux 9.2 ESU update stream...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:7 p.m.20 views

GO-2026-5001 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel

SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...

9CVSS6.2AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42383

SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...

9CVSS6.2AI score0.00361EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 6:13 p.m.9 views

CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...

9CVSS5.8AI score0.00361EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:13 p.m.38 views

CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...

9CVSS0.00361EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 11:23 p.m.10 views

Malicious code in npmjs_solc-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b789c7234e3c391e6e2f6359d87f873205fb341c1bf186194815b16d53c7fa71 The package.json defines a postinstall lifecycle hook that invokes childprocess.exec to run curl -s...

5.7AI score
Exploits0References2
Rows per page
Query Builder