Lucene search
K

9549 matches found

OSV
OSV
added 4 days ago3 views

MAL-2026-10190 Malicious code in tinyparrot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7ebbcc82edaa241764193ea85c0492b99f9ed3be805c57ef0914518cd4b6f9 The postinstall script src/build.js reconstructs the strings 'https', 'POST', and the destination host 'rnjkerbf.org/P' from integer-encoded arrays v...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added last week12 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.14 views

Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:22 p.m.8 views

MAL-2026-6928 Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:22 p.m.12 views

Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:22 p.m.7 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:21 p.m.11 views

Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:21 p.m.9 views

MAL-2026-6926 Malicious code in paysafe-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...

6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/07 1:15 p.m.10 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.4 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.6 views

Fedora 44 : prometheus-podman-exporter (2026-3c6643b33a)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3c6643b33a advisory. release 1.21.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

7.5CVSS6.7AI score0.00651EPSS
Exploits1References4
OSV
OSV
added 2026/06/26 9:40 p.m.6 views

MAL-2026-6543 Malicious code in express-initial (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...

6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:26 p.m.9 views

Malicious code in textshape-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e596e1ea1365aadfa6c75047b664bb41b29b60828595b9271d4c2c217476b60 The package presents itself as a Tailwind CSS typography plugin its name, description, and source tree clone @tailwindcss/typography, but src/index.j...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/25 8:26 p.m.16 views

MAL-2026-6475 Malicious code in textshape-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e596e1ea1365aadfa6c75047b664bb41b29b60828595b9271d4c2c217476b60 The package presents itself as a Tailwind CSS typography plugin its name, description, and source tree clone @tailwindcss/typography, but src/index.j...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51744

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A disconnect between the tool layer and libcurl occurs when a user invokes curl with a schemeless URL and the --proto-default option set to sftp or scp. The tool layer incorrectly infers the URL...

7.5CVSS6.1AI score0.00574EPSS
Exploits1References36
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

RHEL 9 : evince (RHSA-2026:27819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27819 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

8.4CVSS6AI score0.00529EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.10 views

Devolutions Remote Desktop Manager <= 2026.2.7 Command Injection (DEVO-2026-0018)(CVE-2026-12161)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.7 or earlier. It is, therefore, affected by a command injection vulnerability: - Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticat...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 1:16 a.m.11 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

8.8CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 11:55 p.m.28 views

CVE-2026-12161

CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49554

Name of the Vulnerable Software and Affected Versions Starlette versions prior to 1.1.0 Description On Windows, the StaticFiles component is susceptible to Server-Side Request Forgery SSRF. When a request containing a Universal Naming Convention UNC path, such as attacker.comshare, is processed,...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References13
Rows per page
Query Builder