Lucene search
K

1833 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10534 Malicious code in motion-pull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e50d15810c044b3b0355460fdeacea42d89944d351e74bcce9fd976f91915ea [email protected] impersonates the pino logger exports module.exports.pino = middleware, uses logger-themed keywords, ships a ./pino require target...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in motion-pull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e50d15810c044b3b0355460fdeacea42d89944d351e74bcce9fd976f91915ea [email protected] impersonates the pino logger exports module.exports.pino = middleware, uses logger-themed keywords, ships a ./pino require target...

6.5AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43578

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score0.00151EPSS
Exploits0References8
OSV
OSV
added 2 days ago2 views

CVE-2026-15529 yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...

5.3CVSS6AI score0.00252EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42727

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References8
OSV
OSV
added 6 days ago2 views

CVE-2026-15311 NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS4.6AI score0.00203EPSS
Exploits0References9
NVD
NVD
added 6 days ago11 views

CVE-2026-45788

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

7.5CVSS0.00466EPSS
Exploits0References9
CVE
CVE
added 6 days ago9 views

CVE-2026-15276

Symphonia (pdeljanov) up to version 0.6.0 exposes a denial-of-service vulnerability in the Metadata Handler. The issue affects unknown code paths; exploitation requires local access and a publicly published exploit exists. A fix is in a pull request but has not yet been accepted. The advisory not...

4.8CVSS5.3AI score0.0012EPSS
Exploits0References7
OSV
OSV
added 6 days ago3 views

CVE-2026-15276 pdeljanov Symphonia Metadata denial of service

A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-15274 lo48576 fbxcel Node Header parser.rs denial of service

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS0.0012EPSS
Exploits0References7
CVE
CVE
added 6 days ago13 views

CVE-2026-15274

Summary of CVE-2026-15274 (lo48576 fbxcel) : Affects the product line lo48576 fbxcel up to version 0.9.0. The issue targets an unknown part of the Node Header Handler, specifically the file src/pull_parser/v7400/parser.rs, where manipulation leads to a Denial of Service. Access is required from a...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-15274

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References7Affected Software1
OSV
OSV
added 6 days ago2 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

4.8CVSS5.7AI score0.00683EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-14362

A flaw was found in HashiCorp memberlist. An attacker with network access to the gossip port could exploit a vulnerability in the push/pull state handling. This could lead to memory exhaustion on a receiving node, causing the process to terminate. This flaw results in a Denial of Service DoS...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References4
NVD
NVD
added last week7 views

CVE-2026-14362

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-14362

The CVE-2026-14362 entry applies to HashiCorp’s memberlist prior to version 0.6.0. The vulnerability resides in the push/pull gossip state handling, allowing an attacker with network access to the gossip port to exhaust memory on a receiving node, leading to process termination. Impact is a denia...

4.9CVSS6AI score0.00251EPSS
Exploits0References1
OSV
OSV
added last week3 views

CVE-2026-14362 Denial of service via crafted push/pull gossip message in memberlist

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6.1AI score0.00251EPSS
Exploits0References4
NVD
NVD
added last week9 views

CVE-2026-54344

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS0.00171EPSS
Exploits0References1
OSV
OSV
added last week1 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS6.2AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.7 views

CVE-2026-50015

A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...

7.3CVSS6.5AI score0.0027EPSS
Exploits1References4
Rows per page
Query Builder