Lucene search

7 matches found

SUSE CVE
added 2023/02/15 4:44 a.m., 4 views

SUSE CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8 CVSS, 6.6 AI score, 0.00355 EPSS
Exploits: 0, References: 5
The Hacker News
added 2022/06/24 9:52 a.m., 56 views

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata,...

0.2 AI score
Exploits: 0
Cvelist
added 2021/12/09 5:5 p.m., 25 views

CVE-2021-22568 Dart - Publishing to third-party package repositories may expose pub.dev credentials

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 accesstoken that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend...

8.8 CVSS, 8.9 AI score, 0.00915 EPSS
Exploits: 0, References: 3
The Hacker News
added 2021/07/30 8:18 a.m., 103 views

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automat...

8.1 AI score
Exploits: 0
Tenable Nessus
added 2017/09/18 12:0 a.m., 41 views

GLSA-201709-09 : Subversion: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201709-09 Subversion: Arbitrary code execution Specially crafted ssh://... URLs may allow the owner of the repository to execute arbitrary commands on clients machine if those commands are already installed on the clients system...

9.8 CVSS, 7.6 AI score, 0.18892 EPSS
Exploits: 3, References: 3
UbuntuCve
added 2017/06/21 3:29 p.m., 24 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8 CVSS, 7 AI score, 0.00355 EPSS
Exploits: 0, References: 3
OSV
added 2017/06/21 3:29 p.m., 24 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8 CVSS, 7.5 AI score
Exploits: 0, References: 4