Lucene search
K

16 matches found

NVD
NVD
added 2026/06/25 10:16 p.m.9 views

CVE-2021-47986

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

7.7CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 6:9 p.m.10 views

CVE-2026-41387

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

8.5CVSS5.4AI score0.00241EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33361

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the MCP adapter due to unsafe serialization of stdio commands, allowing an authenticated attacker to achieve command execution on the underlying operating system. The flaw is locat...

9.9CVSS6.2AI score0.01987EPSS
Exploits1References29
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.13 views

Node.js Module axios 0.30.4 / 1.14.1 Supply Chain Vulnerability

The version of the axios Node.js module installed on the remote host is 0.30.4 or 1.14.1. It is, therefore, affected by a supply chain vulnerability where a supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including...

6.1AI score
Exploits0References1
OSV
OSV
added 2025/11/14 2:45 p.m.11 views

HSEC-2025-0005 cabal-install dependency confusion

cabal-install dependency confusion For cabal-install 3.4.0.0 and where multiple repositories are configured, the resolver picks the highest available version across all repositories. Where a package is only defined in a private repository, this behaviour leads to a dependency confusionblog supply...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-18656

Malicious code in bioql PyPI...

6.1CVSS6.9AI score0.00168EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2025/07/21 11:4 a.m.5 views

Another Supply Chain Vulnerability

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department's computer systems--with minimal supervision by U.S. personnel--leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigatio...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/13 12:0 a.m.2 views

PT-2025-30608 · Hackage · Cabal-Install

cabal-install dependency confusion For cabal-install 3.4.0.0 and where multiple repositories are configured, the resolver picks the highest available version across all repositories. Where a package is only defined in a private repository, this behaviour leads to a dependency confusionblog supply...

7AI score
Exploits0References5
NVD
NVD
added 2025/01/21 9:15 p.m.8 views

CVE-2025-21564

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Agile Integration Services. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...

8.1CVSS0.00481EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/24 9:1 a.m.41 views

The Unknown Risks of The Software Supply Chain: A Deep-Dive

In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding...

9.8CVSS7.4AI score0.12661EPSS
Exploits0
NCSC
NCSC
added 2023/10/19 12:0 a.m.4 views

Vulnerability fixed in Oracle Supply Chain

Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to gain sensitive information or full access to all data accessible to Oracle Agile PLM accessible data. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...

7.5CVSS7.2AI score0.01116EPSS
Exploits0
Wiz blog
Wiz blog
added 2022/12/01 3:0 p.m.18 views

Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access

How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/20 6:11 a.m.22 views

Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13

At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed and from a smaller share, opportunistic public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2021/12/18 4:53 p.m.52 views

RubyGems: Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs

Dependency repository hijacking aka repo jacking is an obscure supply chain vulnerability, conceptually similar to subdomain takeover. When the linked repository owner changes their username, it becomes immediately available to be re-registered by anyone. This means that any project that linked...

7.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/15 8:51 p.m.91 views

Millions of Connected Cameras Open to Eavesdropping

Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency CISA. The bug CVE-2021-32934, with a CVSS v3 base score of 9.1 has be...

9.1CVSS8.4AI score0.00578EPSS
Exploits0References10
CVE
CVE
added 2018/08/29 7:0 p.m.45 views

CVE-2018-6598

The CVE-2018-6598 entry concerns Orbic Wonder devices (Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys). A local-privilege-level issue exists where any app co-located on the device can send an intent to trigger a factory reset through com.android.server.MasterClearReceiver, without use...

7.1CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder