Lucene search
K

61 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in zeppelin-nymph-wpa677-project (npm)

The package zeppelin-nymph-wpa677-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in lilypad-hammock-cnr879-project (npm)

The package lilypad-hammock-cnr879-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in lilypad-butterfly-qzq971-project (npm)

The package lilypad-butterfly-qzq971-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in everest-delta-sco019-project (npm)

The package everest-delta-sco019-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in vortex-dragon-qps375-project (npm)

The package vortex-dragon-qps375-project was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-40052 Malicious code in xylophone-myth-wbx282-project (npm)

The package xylophone-myth-wbx282-project was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-32717 Malicious code in saturn-quasar-uss495-project (npm)

The package saturn-quasar-uss495-project was found to contain malicious code...

7.2AI score
Exploits0
NVD
NVD
added 2025/07/28 8:17 p.m.9 views

CVE-2025-50486

Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack...

7.1CVSS0.00322EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26760 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This...

4.2CVSS5.9AI score0.00194EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 a.m.4 views

CVE-2016-20003

The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

7.5CVSS7.1AI score0.01045EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-38497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References3
OSV
OSV
added 2025/02/07 7:21 a.m.16 views

BIT-GITLAB-2024-3976 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...

6.5CVSS6.2AI score0.00484EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/05 12:2 p.m.9 views

CVE-2024-3976 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...

6.5CVSS6.2AI score0.00484EPSS
Exploits0References2
Drupal
Drupal
added 2025/01/22 12:0 a.m.10 views

Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

6.6CVSS7.1AI score0.00456EPSS
Exploits0References2
CVE
CVE
added 2025/01/13 7:41 p.m.40 views

CVE-2025-23027

CVE-2025-23027 affects the next-forge Next.js boilerplate. The root cause is a BASEHUB_TOKEN committed in apps/web/.env.example, exposing credentials and potentially granting unauthorized access if the token is active. Public references (NVD/Red Hat/OSV and others) describe the issue in terms of ...

6.3CVSS6.6AI score0.00267EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/03 7:57 p.m.11 views

Moderate: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9CVSS6.8AI score0.00667EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/08/14 5:48 p.m.24 views

WebOb's location header normalization during redirect leads to open redirect

Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...

6.1CVSS6.5AI score0.00497EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.4 views

PT-2024-05: Remote Code Execution when creating a project from a git repository in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to remotely execute code on the control server. Exploitation of the vulnerability requires authorization of the "project...

9.3CVSS7.7AI score
Exploits0References1
Veracode
Veracode
added 2024/06/25 5:7 a.m.18 views

Improper Access Control

github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to improper cleanup of roleBindings associated with a user or group when they are removed from a project, allowing former members to continue creating, updating, reading, and deleting namespaces in that...

8.1CVSS6.6AI score0.01048EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.32 views

GitLab 14.0 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0456)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that th...

4.3CVSS5.4AI score0.00488EPSS
Exploits0References8
Rows per page
Query Builder