Lucene search
K

59 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:11 p.m.6 views

Malicious code in strapi-plugin-hooks (npm)

strapi-plugin-hooks is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. ...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:11 p.m.4 views

MAL-2026-2467 Malicious code in strapi-plugin-hooks (npm)

strapi-plugin-hooks is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. ...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:11 p.m.5 views

Malicious code in strapi-plugin-core (npm)

strapi-plugin-core is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:11 p.m.3 views

MAL-2026-2456 Malicious code in strapi-plugin-core (npm)

strapi-plugin-core is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:10 p.m.2 views

MAL-2026-2483 Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/03 4:10 p.m.4 views

MAL-2026-2454 Malicious code in strapi-plugin-config (npm)

strapi-plugin-config is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:9 p.m.9 views

Malicious code in strapi-plugin-cron (npm)

strapi-plugin-cron is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 11:3 a.m.3 views

Malicious code in strapi-plugin-events (npm)

[email protected] is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/03/12 9:16 p.m.6 views

UBUNTU-CVE-2026-1527

ImpactWhen an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: Inject arbitrary HTTP headers Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/01/28 12:0 a.m.5 views

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

7.5CVSS5.9AI score0.00451EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/01/22 11:24 p.m.11 views

CVE-2026-23524

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...

9.8CVSS5.6AI score0.00878EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/27 12:0 a.m.9 views

CVE-2025-66360

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service Redis information to li-admin users. This can lead to privilege escalation...

6.9CVSS0.00258EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/20 12:0 a.m.2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

5.5CVSS7.1AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 5:16 p.m.6 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

5.5CVSS0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.5 views

PT-2025-47364

Name of the Vulnerable Software and Affected Versions FortiWeb versions 7.0 through 7.6.0 FortiWeb version 7.4 FortiWeb version 7.2 Description A hard-coded credentials issue exists in FortiWeb that could allow an authenticated attacker with shell access to the device to connect to the redis...

5.3CVSS6.2AI score0.00104EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8735

Malware in sbrugna...

6.1CVSS6.3AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data ...

6.5CVSS6.4AI score0.01034EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 a.m.8 views

CVE-2019-19096

The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality...

6.1CVSS6.8AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/02/17 12:0 a.m.6 views

PT-2020-6875 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 6.0 through 6.0.2 Description: The issue is related to the storage of credentials in a recoverable format by the Redis data structure component used in ABB eSOMS. This can potentially allow an attacker to gain unauthorized...

6.1CVSS6.2AI score0.00289EPSS
Exploits0References6
Rows per page
Query Builder