Lucene search
K

685 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/19 5:37 p.m.8 views

Malicious code in libavcodec-extra (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 00a68b4208fb4614b815e8a867c2155a8667b424e6457e3b72da362edbad9615 During installation or import, the package exfiltrates basic information in a dependency confusion attempt. The user identifies themselves as a HackerOne user...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/16 4:23 p.m.5 views

Glances exposes the REST API without authentication

Summary Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys, tokens to any network client. Details Root Cause: Authentication is...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 9:58 a.m.5 views

Malicious code in vitest-config (npm)

Malicious package due to preinstall script execution, system info gathering, Discord webhook usage for data exfiltration, and error suppression. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d6cfc9315582e56556f40906f86a19927ad32b3826548896d1eaf23e0705243 The...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 5:37 a.m.4 views

Malicious code in tourney-sdk-react (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview transform-react-jsx is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview transform-regexp-constructors is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25540

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS0.00359EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:37 p.m.2 views

CVE-2019-25540

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS5.9AI score0.00359EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.3 views

CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS5.9AI score0.00359EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 11:30 p.m.3 views

MAL-2026-1350 Malicious code in falador (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d66c45b27d4ff7595d8a13a91515450c248dc50a6531199f0254bbd9d6440bb During installation or import, the package exfiltrates basic information in a dependency confusion attempt. The user identifies themselves as a HackerOne user...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2026-24313

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

5CVSS5.8AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24157

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

5CVSS5.8AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 4:15 p.m.4 views

CVE-2026-29787

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS0.00369EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/06 3:4 p.m.29 views

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

5.3CVSS0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/03 1:37 p.m.4 views

CVE-2026-2584

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

9.3CVSS5.9AI score0.00414EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 5:29 p.m.8 views

Security Bulletin: IBM MQ Appliance is affected by an authority vulnerability (CVE-2026-1713)

Summary IBM MQ Appliance has addressed an authority vulnerability. Vulnerability Details CVEID:CVE-2026-1713 DESCRIPTION: IBM MQ is affected by an authority vulnerability allowing users access to SYSTEM.AUTH.DATA.QUEUE. CWE:CWE-305: Authentication Bypass by Primary Weakness CVSS Source: IBM CVSS...

5.5CVSS5.5AI score0.00114EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/25 5:25 p.m.5 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

7.5CVSS0.10245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/25 4:13 p.m.25 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

6.5CVSS0.10245EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/25 5:19 a.m.7 views

Malicious code in projectrtert (npm)

Package collects and exfiltrates sensitive system data to Oastify URLs. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b127b8509d4b1ad251567a872811e8a8f4441791c7edadb916c6214be26768 The package projectrtert was found to contain malicious code. Source:...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21957

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient file system access restrictions could allow an unauthenticated remote attacker to view sensitive information on the underlying operating system. Exploitatio...

7.8CVSS8.2AI score0.10245EPSS
Exploits0References49
Rows per page
Query Builder