Lucene search
K

28098 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in express-router-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in cursed-ecto-d3ab00 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49348969de68b56d680a46f67f817053621fa41a5220d8cd0bc1da720e77a5a1 The package has no legitimate functionality index.js is an empty module and exists solely to run an install-time attack payload. All four lifecycle...

6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in tailwind-animate-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd43366b04ea80c2244079c09602623af157ce00cba9ae1837005b97ffe44bdb The package presents itself as a Tailwind CSS animation plugin and reproduces the legitimate tailwindcss-animate source including its original author...

6.2AI score
Exploits0References5
Circl
Circl
added 4 days ago8 views

CVE-2026-4275

creationtimestamp| type| source ---|---|--- 2026-07-09 14:57:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7vgdjneg26 2026-07-10 00:00:27+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqatqsu5rv2o...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References2
Circl
Circl
added 4 days ago10 views

CVE-2026-4256

creationtimestamp| type| source ---|---|--- 2026-07-09 14:52:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7v5f3nus2i...

8.2CVSS5.9AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 4 days ago17 views

CVE-2025-58151

CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References1
Circl
Circl
added 4 days ago7 views

CVE-2026-15170

creationtimestamp| type| source ---|---|--- 2026-07-09 14:35:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq7u64nhfe25...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References1
Circl
Circl
added 4 days ago8 views

CVE-2026-58303

creationtimestamp| type| source ---|---|--- 2026-07-09 12:47:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7o4uy5hk2t...

6.1CVSS5.9AI score0.00116EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in playwrightr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e165b925f82629524e611c81597c32a171df7cec246dc73f268d8192ccbe2c5 setup.py registers a CustomInstallCommand that runs automatically on pip install under Windows. It uses WinHTTP via ctypes to fetch a binary from...

6.1AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References11
Circl
Circl
added 4 days ago8 views

CVE-2026-12590

creationtimestamp| type| source ---|---|--- 2026-07-09 10:29:15+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mq7gg7lj5s2d 2026-07-10 05:29:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbg5qdepx2e...

5.9CVSS6.1AI score0.0025EPSS
Exploits0References2
Circl
Circl
added 4 days ago9 views

CVE-2026-14245

creationtimestamp| type| source ---|---|--- 2026-07-09 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889198686002131 2026-07-09 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7bhkabxp24 2026-07-09 22:30:57+00:00| seen|...

9.8CVSS5.9AI score0.00586EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-14342

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00266EPSS
Exploits0References5
Circl
Circl
added 4 days ago11 views

CVE-2026-11869

creationtimestamp| type| source ---|---|--- 2026-07-09 08:01:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq766nzxj42g...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References1
Circl
Circl
added 4 days ago8 views

CVE-2026-11571

creationtimestamp| type| source ---|---|--- 2026-07-09 07:59:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq762jnkum25 2026-07-09 17:47:41+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6wauter26...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-14342 Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Parameter

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00266EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42545

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score0.00266EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-14245

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score0.00586EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-14342

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score0.00266EPSS
Exploits0References6
Rows per page
Query Builder