Lucene search
K

25 matches found

OSV
OSV
added 2026/05/12 12:2 a.m.12 views

MAL-2026-3489 Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.9 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +23 more potentially affected by CVE-2026-45321 via @tanstack/start-plugin-core (>=1.121.0-alpha.28 <=1.169.20)

@tanstack/start-plugin-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.97.4, =1.111.10, =1.141.0, =0.3.0, =0.7.0 and more Source cves: CVE-2026-45321 Source advisory:...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
Veracode
Veracode
added 2026/04/11 5:33 a.m.7 views

Authentication Bypass

ajenti.plugin.core is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of password authentication when 2FA is enabled, which allows an attacker to bypass login controls and gain unauthorized access...

9.3CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/10 7:54 p.m.3 views

GHSA-8647-755Q-FW9P ajenti.plugin.core has race conditions in 2FA

Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 7:54 p.m.7 views

Race Condition

Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to Race Condition in the 2FA authentication. An attacker can gain unauthorized access by exploiting a timing issue immediately after user authentication, allowing them to bypass intended security checks...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 7:54 p.m.5 views

EUVD-2026-21577

ajenti.plugin.core has race conditions in 2FA...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:54 p.m.9 views

ajenti.plugin.core has race conditions in 2FA

Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/10 7:47 p.m.9 views

User Impersonation

Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to User Impersonation via 2FA authentication. An attacker can gain unauthorized access by bypassing password authentication. Remediation Upgrade ajenti.plugin.core to version 0.112 or higher. References - GitHu...

9.3CVSS5.8AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 7:47 p.m.3 views

EUVD-2026-21575

ajenti.plugin.core has password bypass when 2FA is activated...

9.3CVSS5.8AI score0.00329EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:47 p.m.9 views

ajenti.plugin.core has password bypass when 2FA is activated

Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.3CVSS5.8AI score0.00329EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/10 7:47 p.m.4 views

GHSA-3MCX-6WXM-QR8V ajenti.plugin.core has password bypass when 2FA is activated

Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.1CVSS5.8AI score0.00329EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 7:30 p.m.21 views

CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...

9.1CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 7:29 p.m.22 views

CVE-2026-40177 Password bypass when 2FA is activated

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112...

9.3CVSS0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-32032

Name of the Vulnerable Software and Affected Versions ajenti.plugin.core versions prior to 0.112 Description Prior to version 0.112, a timing issue allowed bypassing two-factor authentication 2FA immediately after a user's successful authentication. This occurred during a brief window after...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/02 9:0 p.m.5 views

Malicious Package

Overview strapi-plugin-core is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2025/12/15 11:39 a.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker...

7.6CVSS6.5AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.28 views

WordPress plugin Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.1AI score0.0025EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.16 views

WordPress plugin Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

5.9CVSS5.7AI score0.00203EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in marley-plugin-core (npm)

The package marley-plugin-core was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-25964 Malicious code in marley-plugin-core (npm)

The package marley-plugin-core was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder