Lucene search
+L

6717 matches found

nuclei
nuclei
added yesterday22 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS6.1AI score0.01656EPSS
Exploits3References3
cve
cve
added 2 days ago18 views

CVE-2026-46421

The CVE concerns a supply-chain compromise in the SAP Cloud Application Programming Model’s cap-js/cds-dbs monorepo. On 2026-04-29, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published; these malicious packages harvested credentials (n...

9.3CVSS6.1AI score0.00384EPSS
Exploits0References4
nvd
nvd
added 2 days ago5 views

CVE-2026-61446

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago33 views

CVE-2026-61446 PraisonAI before 1.6.78 Remote Code Execution via Plugin Auto-Discovery

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
cve
cve
added 2 days ago5 views

CVE-2026-61446

CVE-2026-61446 affects PraisonAI before 1.6.78. The plugin manager loads and executes arbitrary Python files from plugin directories using importlib and exec_module without code signing or sandboxing, enabling a local attacker who can write a malicious .py file to achieve arbitrary code execution...

8.6CVSS6.6AI score0.00221EPSS
Exploits0References2
mssecure
mssecure
added 4 days ago22 views

Defending SaaS-based applications against ShinyHunters OAuth abuse

In this article 1. Attack chain overview 2. Improving visibility into Salesforce OAuth abuse 3. Mitigation and protection guidance 4. Learn more In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly...

6.1AI score
Exploits0
ossf
ossf
added 4 days ago10 views

Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
osv
osv
added 4 days ago6 views

MAL-2026-10491 Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
ossf
ossf
added 4 days ago8 views

Malicious code in @oliviamcdaniel12/safer-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...

6.1AI score
Exploits0References3
osv
osv
added 5 days ago3 views

MAL-2026-10212 Malicious code in vuln-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8bd105bf3b12062f312b41f2a1eead5e8481f8d3749fc78bc79ed8675c11394 On npm install, the package's preinstall script triggers a DNS lookup to a unique subdomain of oast.fun fabekzbnjtufpffkzzmvjvi5eafhny3ok.oast.fun, a...

6.4AI score
Exploits0References4
euvd
euvd
added last week8 views

EUVD-2026-39125

SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References2
ubuntu
ubuntu
added last week6 views

USN-8492-5: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.6AI score0.00686EPSS
Exploits4
snyk
snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
nvd
nvd
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
nvd
nvd
added 2026/07/04 2:16 a.m.12 views

CVE-2025-71342

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS0.00427EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.13 views

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/04 1:23 a.m.40 views

CVE-2025-71372 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.23 views

CVE-2025-71372

Summary: CVE-2025-71372 affects Picklescan prior to 0.0.33. The vulnerability arises from failure to detect the numpy.f2py.crackfortran.getlincoef gadget within pickle reduce methods, enabling an attacker to craft malicious pickle files that execute arbitrary Python code when loaded and could poi...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder