Lucene search
+L

6725 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.12 views

PYSEC-2026-476 PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. --- Description When a user installs a template from a remote source e.g., GitHub,...

9.3CVSS6.3AI score0.00304EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 6:27 a.m.10 views

MAL-2026-6583 Malicious code in pino-debugging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f0ecc81a618444e701cf5302ced1fa1e92aadc8df2ae2821d2a94a30683d9d Package name 'pino-debugging' is a single-edit typosquat of the legitimate 'pino-debug'. The shipped index.js requires a dependency named 'loadutils'...

6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.14 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.8 views

SUSE CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.8AI score0.001EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.8 views

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field

Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/26 8:17 p.m.10 views

CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.5CVSS0.001EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:17 p.m.6 views

UBUNTU-CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 7:41 p.m.10 views

EUVD-2026-39843

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.8AI score0.001EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 7:41 p.m.19 views

CVE-2026-53308

The CVE-2026-53308 issue concerns the Linux kernel max77705 power supply driver. The root cause is improper management of a workqueue and interrupt handlers during device removal, which could lead to use-after-free of memory after the workqueue is destroyed but before the interrupt is freed via t...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.11 views

CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.5CVSS5.8AI score0.001EPSS
Exploits0
OSV
OSV
added 2026/06/26 7:41 p.m.6 views

CVE-2026-53308 power: supply: max77705: Free allocated workqueue and fix removal order

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 4:48 p.m.10 views

PYSEC-2026-236 Malicious code in pyphetools (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/26 11:5 a.m.9 views

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...

6.5AI score
Exploits0
EUVD
EUVD
added 2026/06/26 12:32 a.m.9 views

EUVD-2025-210344

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.12 views

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

7.7CVSS6AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak and a use-after-free issue exist in the max77705 power supply driver. The driver fails to destroy the allocated workqueue during the remove process, leading to memory...

5.5CVSS5.8AI score0.001EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

Disc Soft DAEMON Tools Lite 12.5.0.2421 - 12.5.0.2434 Embedded Malicious Code (CVE-2026-8398)

The version of Disc Soft DAEMON Tools Lite installed on the remote Windows host is between 12.5.0.2421 and 12.5.0.2434 inclusive. It is, therefore, affected by an embedded malicious code vulnerability. - A supply chain attack compromised the official installation packages of DAEMON Tools Lite,...

9.8CVSS6.2AI score0.01456EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:58 p.m.8 views

Malicious code in random-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72321e7eb57feb094bc31de2393ec2a56903156e1257a062e40541785b96 The package advertises itself as a 5-line random-string generator, but index.js the declared main contains a hardcoded AES-256-CBC ciphertext blob th...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/25 10:58 p.m.8 views

MAL-2026-6484 Malicious code in random-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72321e7eb57feb094bc31de2393ec2a56903156e1257a062e40541785b96 The package advertises itself as a 5-line random-string generator, but index.js the declared main contains a hardcoded AES-256-CBC ciphertext blob th...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.17 views

GO-2026-5416 gitverify has improper tag signature verification in github.com/supply-chain-tools/gitverify

gitverify has improper tag signature verification in github.com/supply-chain-tools/gitverify...

5.8AI score
Exploits0References2
Rows per page
Query Builder