Lucene search
K

286 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.15 views

Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.7 views

MAL-2026-3651 Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.13 views

Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.9 views

MAL-2026-3650 Malicious code in microsoft-applicationinsights-common (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.11 views

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.5 views

MAL-2026-3649 Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.5 views

CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

5.8AI score0.00463EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 9:49 a.m.10 views

CVE-2026-6527

A flaw was found in Wireshark, a network protocol analyzer. A local user could be affected by this vulnerability if they open a specially crafted capture file containing malformed ASN.1 PER Abstract Syntax Notation One Packed Encoding Rules protocol data. This could lead to a crash of the Wiresha...

5.5CVSS5.7AI score0.00125EPSS
Exploits1References5
CVE
CVE
added 2026/04/30 5:35 a.m.30 views

CVE-2026-6527

The CVE-2026-6527 issue affects Wireshark’s ASN.1 PER protocol dissector, with crashes observed in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14 that can lead to a denial of service. The root cause is described as an uncontrolled recursion in the dissector, though explicit technical details (e....

5.5CVSS5.2AI score0.00125EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/30 5:35 a.m.9 views

CVE-2026-6527

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.8AI score0.00125EPSS
Exploits1References2
Amazon
Amazon
added 2026/04/30 12:0 a.m.7 views

Medium: perl-Net-CIDR-Lite

Issue Overview: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce...

7.5CVSS6.4AI score0.00309EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

Wireshark 安全漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...

5.5CVSS5.8AI score0.00125EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.3 views

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1624)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1624 advisory. Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exact...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/21 7:43 p.m.34 views

CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-34060

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.6 Description goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the GITHUB TOKEN through workflow artifacts, even when the token is not included in the repository source cod...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.6 views

SUSE CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.7 views

CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.4 views

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 10:16 p.m.4 views

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

6.5CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 9:49 p.m.40 views

CVE-2026-40199

CVE-2026-40199 affects Net::CIDR::Lite before 0.23 for Perl. The bug: _pack_ipv6() incorrectly reuses the IPv4 sentinel byte when encoding IPv4-mapped IPv6 addresses (::ffff: x.x.x.x), producing an 18-byte packed value instead of 17. This mislength misaligns the IPv4 part and breaks mask operatio...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder