Lucene search
K

16561 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in leo-connector-mongo (npm)

The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in serverless-leo (npm)

The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.7 views

MAL-2026-6426 Malicious code in leo-connector-oracle (npm)

The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in solo-nav (npm)

The solo-nav npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.6 views

Malicious code in leo-connector-oracle (npm)

The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in leo-aws (npm)

The leo-aws npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/24 11:4 p.m.4 views

MAL-2026-6421 Malicious code in leo-cli (npm)

The leo-cli npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.6 views

MAL-2026-6433 Malicious code in rstreams-shard-util (npm)

The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.11 views

Malicious code in leo-logger (npm)

The leo-logger npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.11 views

MAL-2026-6419 Malicious code in leo-cache (npm)

The leo-cache npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.4AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 9:55 p.m.20 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/24 5:52 p.m.12 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 5:33 p.m.30 views

CVE-2026-48719 Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:31 p.m.30 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:25 p.m.25 views

CVE-2026-48703

Summary: CVE-2026-48703 affects Warp’s Agent Code Search tools (Grep and FileGlob). From 0.2025.04.09.08.11.stable_00 through 0.2026.05.06.15.42.stable_01, these tools perform read/search actions but construct shell commands from agent-controlled inputs (search text, paths, glob patterns) and exe...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:25 p.m.4 views

EUVD-2026-39011

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-54904

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/24 4:29 p.m.8 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

9.8CVSS5.9AI score0.02719EPSS
Exploits18References55
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It is possible for cpread and hdmiread to return -EIO. These values are further used as indexes to access arrays. The issue was fixed by checking t...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:10 p.m.4 views

OESA-2026-2697 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An out-of-bounds write...

8.8CVSS6.1AI score0.00477EPSS
Exploits3References2
Rows per page
Query Builder