Lucene search
+L

457 matches found

nuclei
nuclei
added yesterday38 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.4AI score0.48533EPSS
Exploits4References5
astralinux
astralinux
added 2026/06/23 11:48 a.m.6 views

Astra Linux – Vulnerability in exim4

In Exim versions before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be a vulnerability where an out-of-bounds write could cause the connection instance to crash, or erroneous data processing could lead to data being leaked from uninitialized heap...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References3
osv
osv
added 2026/06/16 7:27 p.m.49 views

MAL-2026-5914 Malicious code in nottuff15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...

6.1AI score
Exploits0References4
osv
osv
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5657 Malicious code in @iobeya/spa-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
snyk
snyk
added 2026/05/31 9:0 p.m.11 views

Malicious Package

Overview @cloudplatform-single-spa/agreements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @cloudplatform-single-spa/ml-inference-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/paas-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.13 views

Malicious Package

Overview @cloudplatform-single-spa/evolution is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/05/31 9:0 p.m.14 views

Malicious Package

Overview @cloudplatform-single-spa/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.12 views

Malicious Package

Overview @cloudplatform-single-spa/datagrid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.13 views

Malicious Package

Overview @cloudplatform-single-spa/enterprise is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.12 views

Malicious Package

Overview @cloudplatform-single-spa/svp-interfaces is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.14 views

Malicious Package

Overview @cloudplatform-single-spa/cnapp-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.18 views

Malicious Package

Overview @cloudplatform-single-spa/svp-s3-storage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.16 views

Malicious Package

Overview @cloudplatform-single-spa/svp-baas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.10 views

Malicious Package

Overview @cloudplatform-single-spa/cloud-dns is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.24 views

Malicious Package

Overview @cloudplatform-single-spa/floating-ips is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.21 views

Malicious Package

Overview @cloudplatform-single-spa/business-solutions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:54 p.m.12 views

Malicious Package

Overview @cloudplatform-single-spa/base-static-page is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/28 7:32 p.m.10 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS5.9AI score0.00376EPSS
Exploits1References2
Rows per page
Query Builder