Lucene search
+L

30 matches found

EUVD
EUVD
added 3 hours ago9 views

EUVD-2026-41921

vLLM has Remote DoS via Invalid Recovered Token Reinjection...

7.5CVSS5.2AI score0.00343EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago12 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3250a4b69ccce49128d2e75ffb9e577746de4fb3afe0e0d242fbe5d094d02d The package presents itself as a.env loader but on load/config spawns a background thread that, after a 72–96 hour activation delay jittered by...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 3:31 p.m.8 views

Malicious code in type-elint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f29d6bfc122cb5792d95cfade56e62789f83366b30fc0d58a88a84113d89962c Package impersonates the pino logger README is pino documentation, package name is a lookalike. The main export is a middleware factory that spawns...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/16 2:14 a.m.12 views

MAL-2026-5857 Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.8AI score
Exploits0References10
OSV
OSV
added 2026/06/16 1:34 a.m.5 views

MAL-2026-5858 Malicious code in metrics-pipeline-d8k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01ad2ee3d3807102a3f02c01af0d3fec46d91e9764eb77a8bcedf9c6be7fc3b0 Package declares "postinstall": "node run.js" in package.json, causing automatic execution of bundled beacon scripts on npm install. beacon29.js load...

5.8AI score
Exploits0References22
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.26 views

Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

5.4AI score
Exploits0References24
EUVD
EUVD
added 2026/05/06 8:54 p.m.7 views

EUVD-2026-28222

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 8:54 p.m.8 views

CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:54 p.m.5 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 11:23 p.m.18 views

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

5.3CVSS5.4AI score0.00311EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/29 3:30 p.m.4 views

EUVD-2026-17009

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...

7.1CVSS5.9AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32972 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...

7.1CVSS5.9AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/03/29 12:44 p.m.3 views

CVE-2026-32972 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...

7.1CVSS6AI score0.00288EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/27 1:39 p.m.3 views

CVE-2025-50055

Cross-site scripting XSS vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service ACS endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

5.6AI score0.00204EPSS
Exploits0References1
Veracode
Veracode
added 2023/05/10 2:0 a.m.21 views

Improper Input Validation

github.com/mutagen-io/mutagen is vulnerable to Improper Input Validation. The vulnerability exists because the mutagen command line and logging operations of the library do not properly sanitize control characters in the text, which allows an attacker to send malicious control characters through...

8.8CVSS6.9AI score0.0074EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2023/05/08 6:15 p.m.46 views

CVE-2023-30844

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

8.8CVSS5.5AI score0.0074EPSS
Exploits0References3
Prion
Prion
added 2023/05/08 6:15 p.m.27 views

Design/Logic Flaw

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

6.5CVSS8.9AI score0.02198EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/08 5:54 p.m.8 views

CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

3CVSS9AI score0.0074EPSS
Exploits0References3
OSV
OSV
added 2023/05/08 5:54 p.m.23 views

CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

3CVSS9AI score0.0074EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/05/05 2:25 a.m.42 views

Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Impact Mutagen command line operations, as well as the log output from mutagen daemon run, are susceptible to control characters that could be provided by remote endpoints. This can cause terminal corruption, either intentional or unintentional, if these characters are present in error messages,...

8.8CVSS6.7AI score0.0074EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder