Lucene search
K

157 matches found

CVE
CVE
added 2 days ago12 views

CVE-2026-59733

CVE-2026-59733 affects the rclone tool before version 1.74.4, specifically when using the command set “serve restic --private-repos.” The issue arises because authorization is enforced using the routed user path segment while the backend object key is built from the raw, uncleaned URL path, allow...

8.8CVSS6.1AI score0.00523EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-14504

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check...

8.2CVSS0.00264EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/01 8:45 p.m.10 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:30 p.m.26 views

CVE-2026-52810 Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS0.00427EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 9:16 p.m.17 views

CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/06 12:31 a.m.10 views

EUVD-2026-34918

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.4AI score0.01145EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in @ethlete/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 388964a1e683fdb11adf39ffe9b97f4114b9bcd9547f941d27adb4fccff22add The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in autotel-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d23b9d854410e35b16a7058ed9bc6855b3bf548b1a3ccd79ba983de3b652e1 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.80 views

Malicious code in @vapi-ai/server-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67e1edd9922bb8b3962aad95b2bb1bfa39c3ec47651fe4863035111fc292dcfe The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References6
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5246 Malicious code in eslint-plugin-awaitly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbd803fb072d271da9c655f60d16fa4e33582d1acb075aa6427449c2a417b72 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5265 Malicious code in node-env-resolver-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 556430b576f70c519fdab92137b48779f60f127f48ff5bdef0bcef838e24131b The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/25 2:13 p.m.28 views

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times...

7.1CVSS7AI score0.0138EPSS
Exploits6
HackRead
HackRead
added 2026/05/22 1:51 p.m.20 views

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.16 views

Malicious code in @antv/g-plugin-a11y (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.15 views

Malicious code in @antv/f-charts (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

MAL-2026-4060 Malicious code in @antv/li-analysis-assets (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-3854 Malicious code in @antv/ava-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.6 views

MAL-2026-3920 Malicious code in @antv/g-layout-blocklike (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.17 views

Malicious code in @antv/gi-mock-data (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
Rows per page
Query Builder