Lucene search
K

12 matches found

OSV
OSV
added 2026/06/26 2:15 p.m.6 views

MAL-2026-6525 Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
NVD
NVD
added 2026/04/14 2:16 a.m.20 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS0.00222EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.2 views

Malicious code in mansioda-nodana-munfuuangu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0473e352e1ba3128d7add54eb35d0cbf3f6d3c2c5a8a048eba210c37931268a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:31 a.m.1 views

Malicious code in artificial_cow_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa57c798c98fd2181ddebb74ca7590fb2f33d37d6748a191186727d0aa9c556a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:17 a.m.2 views

Malicious code in mahesa-bakwan39-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb2aaaf54e70933ec27dc1f1f3ff88bd7a7c78bc0abe17181fbde2101cbca79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2024/03/08 1:35 a.m.20 views

CVE-2024-23277

The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...

5.3AI score0.00715EPSS
Exploits0References2
Prion
Prion
added 2024/03/02 10:15 p.m.16 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache one time for each folio If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths smaller than a page size. When we loop through the folios in...

7.2AI score0.00225EPSS
Exploits0References3
NVD
NVD
added 2021/11/03 1:15 a.m.17 views

CVE-2021-29993

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...

8.1CVSS0.00703EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/11/03 12:4 a.m.45 views

CVE-2021-29993

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...

8.1CVSS7.4AI score0.00703EPSS
Exploits0
Cvelist
Cvelist
added 2021/11/03 12:4 a.m.28 views

CVE-2021-29993

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...

7.8AI score0.00703EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2020/05/05 7:38 p.m.121 views

Spear-Phishing Attack Spoofs EE To Target Executives

Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details. Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be...

7.3AI score
Exploits0References11
Openbugbounty
Openbugbounty
added 2017/09/05 2:3 a.m.14 views

spoonsports.eu XSS vulnerability

Vulnerable URL: https://www.spoonsports.eu/catalogsearch/result/?q=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

6.3AI score
Exploits0
Rows per page
Query Builder