Lucene search
K

8379 matches found

RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 p.m.9 views

Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/06/10 1:38 p.m.10 views

@hulumi/platform-patterns (>=0.0.0-bootstrap.0 <=1.3.2) potentially affected by CVE-2026-48037 via @hulumi/baseline (>=1.3.1 <=1.3.2)

@hulumi/baseline NPM version =1.3.1, =0.0.0-bootstrap.0, =1.3.2 Source cves: CVE-2026-48037 Source advisory: OSV:GHSA-CJ8G-PRCM-MFG5...

5.5AI score0.00052EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/10 1:38 p.m.8 views

@hulumi/platform-patterns (>=0.0.0-bootstrap.0 <=1.3.2) potentially affected by CVE-2026-48035 via @hulumi/baseline (>=1.3.1 <=1.3.2)

@hulumi/baseline NPM version =1.3.1, =0.0.0-bootstrap.0, =1.3.2 Source cves: CVE-2026-48035 Source advisory: OSV:GHSA-2MXR-P26X-MJ73...

5.5AI score0.00041EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:24 p.m.10 views

Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:24 p.m.10 views

MAL-2026-5437 Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:23 p.m.11 views

MAL-2026-5447 Malicious code in localization-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf143361939feffe7099c14acc7cf41a401681481e932e15d6054dde49e88f94 [email protected] is an empty shell package: index.js is module.exports = and package.json has no description or author. Its dependencies...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:18 p.m.13 views

Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:18 p.m.21 views

MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

5.5AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.8 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2346 more potentially affected by CVE-2026-45674 via io.netty:netty-resolver-dns (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-resolver-dns MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-45674 Source advisory: OSV:GHSA-676X-F7GG-47VC...

10CVSS5.7AI score0.00224EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.8 views

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +14426 more potentially affected by CVE-2026-45674 via io.netty:netty-resolver-dns (>=4.1.0.Beta7 <=4.1.134.Final)

io.netty:netty-resolver-dns MAVEN version =4.1.0.Beta7, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-45674 Sour...

10CVSS5.7AI score0.00224EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:1 p.m.6 views

ai.h2o:h2o-algos (=0.1.9), ai.h2o:h2o-app (=0.1.9) +2053 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-kqueue (>=4.1.11.Final <=4.1.134.Final)

io.netty:netty-transport-native-kqueue MAVEN version =4.1.11.Final, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.1.0, =0.0.1, =2.4.0, =1.5.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2026-45536 Source advisory: OSV:GHSA-W573-9FFJ-6FF9...

4CVSS5.7AI score0.00136EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:2 p.m.8 views

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +636 more potentially affected by CVE-2026-44893 via io.netty:netty-codec-haproxy (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-haproxy MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =6.84 and more Source cves: CVE-2026-44893 Source advisory: OSV:GHSA-CC37-9Q2J-3HFV...

7.5CVSS5.7AI score0.00594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:0 p.m.7 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4461 more potentially affected by CVE-2026-44249 via io.netty:netty-handler (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-handler MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-44249 Source advisory: OSV:GHSA-3QP7-7MW8-WX86...

8.1CVSS5.7AI score0.00552EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 6:21 p.m.6 views

res (>=0.2.0 <=0.3.0), scroller-motion (>=0.0.1-beta.2 <=0.0.1-beta.3) potentially affected by CVE-2026-42890 via actual (>=0.2.0 <=0.4.0)

actual NPM version =0.2.0, =0.2.0, =0.0.1-beta.2, =0.0.1-beta.3 Source cves: CVE-2026-42890 Source advisory: OSV:GHSA-7RVM-XJPP-63R9...

4.8CVSS5.5AI score0.00126EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 5:52 p.m.7 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.4CVSS5.5AI score0.0016EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/06/07 4:44 p.m.7 views

dbgate-serve (>=7.1.3-alpha.3 <=7.1.13), dbmodel (>=7.1.3-alpha.3 <=7.1.13) potentially affected by CVE-2026-48017 via dbgate-api (>=7.1.10 <=7.1.8)

dbgate-api NPM version =7.1.10, =7.1.3-alpha.3, =7.1.3-alpha.3, =7.1.13 Source cves: CVE-2026-48017 Source advisory: SNYK:JS-DBGATEAPI-17223766...

8.8CVSS5.7AI score0.0051EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/06/05 8:27 p.m.6 views

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47759 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47759 Source advisory: OSV:GHSA-Q742-QVGC-GC2F...

8.7CVSS5.4AI score0.00238EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/05 6:11 p.m.6 views

ait-dsn (=2.0.0), ait-gui (>=2.4.0 <=2.4.1) potentially affected by CVE-2026-47731 via ait-core (>=2.3.5 <=2.5.2)

ait-core PYPI version =2.3.5, =2.4.0, =2.4.1 Source cves: CVE-2026-47731 Source advisory: OSV:GHSA-P462-PRXW-MJX4...

5.5AI score0.00163EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/05 4:45 p.m.25 views

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2026-54445 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2026-54445 Source advisory: OSV:GHSA-FGMC-2HQJ-86V4...

6.9CVSS5.7AI score0.00292EPSS
Exploits0
Rows per page
Query Builder