Lucene search
K

372 matches found

EUVD
EUVD
added 2026/06/19 8:3 a.m.9 views

EUVD-2026-37998

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 12:0 a.m.7 views

MAL-2026-4078 Malicious code in @antv/s2-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.7 views

MAL-2026-4079 Malicious code in @antv/s2-react-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.8 views

MAL-2026-4081 Malicious code in @antv/s2-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-4080 Malicious code in @antv/s2-ssr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/18 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.18 views

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +11 more potentially affected by unknown CVE via @antv/g-plugin-dom-interaction (>=2.0.0 <=2.1.9)

@antv/g-plugin-dom-interaction NPM version =2.0.0, =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory:...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.17 views

@antv/gpt-vis-ssr (>=0.3.4 <=0.3.8), @tiangong-ai/vis-server (>=0.0.1 <=0.0.5) potentially affected by unknown CVE via @antv/s2-ssr (>=0.0.2 <=0.1.1)

@antv/s2-ssr NPM version =0.0.2, =0.3.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2SSR-16754942...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

qbi-charts (=1.0.17), shuyi-charts (>=1.1.1 <=1.1.27) potentially affected by unknown CVE via @antv/s2-vue (=2.2.0)

@antv/s2-vue NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/s2-vue and may be impacted: - qbi-charts =1.0.17 - shuyi-charts =1.1.1, =1.1.27 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2VUE-16754366...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@binarysee/widgets (=1.0.5), @binlove/widgets (=1.0.5) potentially affected by unknown CVE via @antv/s2-react (=2.0.0-next.28)

@antv/s2-react NPM version =2.0.0-next.28 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/s2-react and may be impacted: - @binarysee/widgets =1.0.5 - @binlove/widgets =1.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2REACT-16754376...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.9 views

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +9 more potentially affected by unknown CVE via @antv/g-plugin-html-renderer (>=2.0.0 <=2.3.1)

@antv/g-plugin-html-renderer NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINHTMLRENDERER-16754947...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.13 views

@antv/gpt-vis-ssr (>=0.3.4 <=0.3.8), @tiangong-ai/vis-server (>=0.0.1 <=0.0.5) potentially affected by unknown CVE via @antv/s2-ssr (>=0.0.2 <=0.1.1)

@antv/s2-ssr NPM version =0.0.2, =0.3.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2SSR-16755111...

5.5AI score
Exploits0
NVD
NVD
added 2026/04/09 10:16 p.m.12 views

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3CVSS0.00129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:30 p.m.4 views

CVE-2026-33779

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

8.3CVSS5.9AI score0.00121EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:28 p.m.4 views

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

8.5CVSS5.9AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.7 views

CVE-2026-4575

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 6:30 a.m.5 views

EUVD-2026-14367

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References6
NVD
NVD
added 2026/03/23 6:16 a.m.6 views

CVE-2026-4575

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

4.8CVSS0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 5:36 a.m.4 views

CVE-2026-4575 code-projects Exam Form Submission update_s2.php cross site scripting

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References5
Rows per page
Query Builder