Lucene search
K

52 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS0.00424EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5261 Malicious code in mountly-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5235 Malicious code in awaitly-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b77cddba130960f19c0c0b71b952811cc8dabd41e848d5305497cd16757ba2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in @forjacms/sections (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

MAL-2026-4118 Malicious code in @antv/xflow (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/04/14 11:14 p.m.7 views

GHSA-FHVP-9HCJ-6M33 Oxia has an OIDC token audience validation bypass via SkipClientIDCheck

Summary The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...

9.3CVSS5.8AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:18 p.m.6 views

DEBIAN-CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

7.5CVSS8.4AI score0.01657EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/04 3:8 p.m.36 views

CVE-2025-62879 Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...

6.8CVSS0.0034EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 8:32 p.m.5 views

GHSA-9M9C-VPV5-9G85 Feathers exposes internal headers via unencrypted session cookie

All HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth service stores the complete headers object in the session: javascript //...

8.2CVSS5.5AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/02/11 2:23 p.m.3 views

GHSA-PQQF-7HXM-RJ5R Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-25356

Malware in sbrugna...

7.5CVSS6.1AI score0.01017EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-4508

Malware in sbrugna...

6.5CVSS6.1AI score0.01272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-4341

Malware in sbrugna...

4.9CVSS6.1AI score0.00983EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0539

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00572EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2024

Malicious code in bioql PyPI...

7.3CVSS7.3AI score0.00972EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/09/22 5:47 a.m.7 views

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241 , has been assigned the maximum CVSS score of 10.0. It...

10CVSS8.7AI score0.07448EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-7038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. CVE-2016-7038 Note that Nessus relies o...

7.3CVSS7AI score0.00972EPSS
Exploits0References2
Rows per page
Query Builder