Lucene search
K

12756 matches found

OSV
OSV
added 2026/06/17 3:11 a.m.8 views

MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References9
OSV
OSV
added 2026/06/16 10:17 p.m.9 views

MAL-2026-5931 Malicious code in mci-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...

6.6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:17 p.m.12 views

Malicious code in mci-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...

6.6AI score
Exploits0References7
OSV
OSV
added 2026/06/16 9:31 p.m.5 views

GHSA-9FR2-P65V-GQXQ Duplicate Advisory: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fq9j-vw4w-fr6v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to...

7.1CVSS5.9AI score0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 7:51 p.m.20 views

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

4.2CVSS0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 7:51 p.m.28 views

CVE-2026-48776

CVE-2026-48776 affects LangGraph Python SDK (versions up to 0.3.14) and describes unsafe URL path construction from unsanitized caller-supplied identifiers in HTTP request paths. This can cause requests to target a different resource or resource type, enabling unintended access, modification, or ...

9.1CVSS5.2AI score0.00216EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 7:51 p.m.3 views

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:16 p.m.14 views

CVE-2026-47934

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 7:16 p.m.13 views

CVE-2026-47963

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 7:16 p.m.14 views

CVE-2026-47927

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS0.00165EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/16 7:5 p.m.10 views

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty...

7.7CVSS5.6AI score0.00438EPSS
Exploits1
CVE
CVE
added 2026/06/16 6:4 p.m.24 views

CVE-2026-53842

OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...

7.1CVSS5.9AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/16 4:32 p.m.3 views

CVE-2026-47963

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 4:32 p.m.29 views

CVE-2026-47964

Affected software : DNG SDK (version 1.7.1 2536 and earlier). Vulnerability : Heap-based buffer overflow (CWE-122) in the DNG SDK, potentially allowing arbitrary code execution in the context of the current user. Impact : Arbitrary code execution with high impact (confidentiality/ integrity/ avai...

7.8CVSS6AI score0.00199EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/16 4:32 p.m.2 views

CVE-2026-47927

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:18 p.m.5 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU plus CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016...

7.5CVSS5AI score0.00702EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:12 a.m.18 views

Malicious code in hot-validation-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/16 6:12 a.m.18 views

MAL-2026-5870 Malicious code in hot-validation-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
NVD
NVD
added 2026/06/16 4:17 a.m.19 views

CVE-2026-6964

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS0.00323EPSS
Exploits0References8
Rows per page
Query Builder