Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/05/25 8:9 a.m.4 views

Malicious Package

Overview wm-plugin-json-conditions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/25 8:9 a.m.6 views

MAL-2026-4338 Malicious code in wm-plugin-json-conditions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43ae510c22e7ea36051bfaa2a241bc7f8035d9047c3fe927438ceef2f2ca81cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
CVE
CVEadded 2026/05/15 4:0 p.m.10 views

CVE-2026-44641

CVE-2026-44641 affects Microsoft APM. Before version 0.8.12, the plugin-loading flow copies components listed in plugin.json into the .apm/ directory and does not validate that manifest paths (agents, skills, commands, hooks) stay inside the plugin root. An attacker can supply absolute or ../ tra...

7.1CVSS5.9AI score0.00057EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.6 views

PT-2026-38624

Name of the Vulnerable Software and Affected Versions Microsoft APM versions prior to 0.8.12 Description Microsoft APM normalizes marketplace plugins by copying components referenced in plugin.json into the .apm/ directory. The implementation fails to verify that the paths specified in the agents...

7.1CVSS5.9AI score0.00057EPSS
Exploits0References6
NVD
NVDadded 2026/04/20 9:16 a.m.1 views

CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

6.5CVSS0.00043EPSS
Exploits0References4
CVE
CVEadded 2026/04/20 7:45 a.m.4 views

CVE-2026-6618

Summary (CVE-2026-6618): A flaw in langgenius dify up to 1.13.3 affects the component ApiBasedToolSchemaParser, specifically parse_openai_plugin_json_to_tool_bundle in api/core/tools/utils/parser.py. The issue allows an attacker to manipulate the argument url to trigger a server-side request forg...

6.5CVSS6.1AI score0.00043EPSS
Exploits0References4
OSV
OSVadded 2025/11/12 4:29 a.m.1 views

MAL-2025-142314 Malicious code in event-html-webpack-plugin-json-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 875e00bfa3e1b4edd4e8060b916a67fb8cd83337e82e497bc92c17e79e411199 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSVadded 2025/09/23 3:59 p.m.1 views

MAL-2025-47514 Malicious code in vite-plugin-parse-json (npm)

The package vite-plugin-parse-json was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4013d2b27a0c8568a2b51161431838d7877caf18d55e179597d06e162989b484 Any computer that has this package installed or running should be considered full...

6.9AI score
Exploits0References1
Rows per page
Query Builder