Lucene search
K

6400 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49876

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence...

9.3CVSS5.2AI score0.00338EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 11:45 p.m.11 views

MAL-2026-5842 Malicious code in browserslist-db-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7eebaf0ec5e5d89501d240e0e11dfd758c9a9c6bcaf74a29a2dcabf1a1f502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/12 7:48 p.m.14 views

MAL-2026-5715 Malicious code in workflow-postgres-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19848a1b4a7188ada5866c459ec2b966b9aa6ba1d23e3c25b1f54939e6a6b963 The package advertises itself as a Postgres/workflow setup helper but ships no library code — the declared main entry index.js is absent from the...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/12 3:24 p.m.30 views

MAL-2026-5697 Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/11 5:17 a.m.16 views

MAL-2026-5565 Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.9AI score
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 8:22 p.m.30 views

CVE-2026-42462 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

7CVSS0.00171EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.14 views

Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
OSV
OSV
added 2026/06/09 8:34 p.m.17 views

MAL-2026-5477 Malicious code in mcp-server-figma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474223e0d5456564c1ae112031e3b8f276850a79f59cc93ed3a04805de291f20 Package squats the unscoped name mcp-server-figma, which AI coding agents and developers commonly invoke via npx mcp-server-figma expecting the...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.13 views

Malicious code in mcp-server-figma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474223e0d5456564c1ae112031e3b8f276850a79f59cc93ed3a04805de291f20 Package squats the unscoped name mcp-server-figma, which AI coding agents and developers commonly invoke via npx mcp-server-figma expecting the...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:34 p.m.9 views

MAL-2026-5480 Malicious code in mcp-server-notion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2 Package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. package.json declares "postinstall"...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:33 p.m.16 views

Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.15 views

Malicious code in gethandler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.14 views

Malicious code in getui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...

5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:24 p.m.9 views

CVE-2026-47906 Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS6.2AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:24 p.m.12 views

EUVD-2026-35803

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS6.2AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 7:24 p.m.41 views

CVE-2026-47906 Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS0.00177EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.20 views

Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:21 a.m.8 views

CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References2
Rows per page
Query Builder