Lucene search
K

6200 matches found

OSV
OSV
added 2026/06/17 9:34 p.m.6 views

MAL-2026-6081 Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 9:32 p.m.8 views

Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/17 9:32 p.m.18 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
NVD
NVD
added 2026/06/17 8:17 p.m.13 views

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 5:25 p.m.17 views

CVE-2026-2674 Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional Queueing Service,Core Libraries,Persistence Service allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 befo...

4.8CVSS0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:25 p.m.8 views

EUVD-2026-37757

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional Queueing Service,Core Libraries,Persistence Service allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 befo...

4.8CVSS5.2AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:25 p.m.10 views

CVE-2026-2674 Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional Queueing Service,Core Libraries,Persistence Service allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 befo...

4.8CVSS5.3AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:25 p.m.13 views

CVE-2026-2674

CVE-2026-2674 is an Out-of-bounds Write vulnerability in RTI Connext Professional affecting Queueing Service, Core Libraries, and Persistence Service. Affected versions are Connext Professional: 6.1.0 through before 6.1.*; 7.0.0 through before 7.3.1.3; 7.4.0 through before 7.7.0. The root cause i...

4.8CVSS5.2AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.20 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/17 7:38 a.m.26 views

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace "@mastra/", a popular open-source JavaScript and TypeScript framework for building artificial intelligence AI applications, have been compromised as part of a software supply chain attack codenamed easy-day-js , per findings from...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/06/17 6:49 a.m.27 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:0 a.m.6 views

Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 4:55 a.m.5 views

MAL-2026-6050 Malicious code in create-mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.6 views

Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.7 views

MAL-2026-5961 Malicious code in @mastra/rag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9608d74e59d524d1052f6b05c8fba2b9d181452f28a012785eb80cb6764abe3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.8 views

MAL-2026-5957 Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.10 views

Malicious code in @mastra/fastembed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0da5948a94944695bcec24b99ac8a6b9ae7f5f31e8407f8c731379a6fda79c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.7 views

MAL-2026-5946 Malicious code in @mastra/editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15cb5bd62365f9e834fc44ed65e0db2c34aae555a5068c706cc9de0567a5fc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.6 views

Malicious code in @mastra/dynamodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 9:32 p.m.8 views

OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints

Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...

8.5CVSS5.2AI score0.00272EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder