Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CNNVD
CNNVDadded 2026/05/28 12:0 a.m.6 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

9.1CVSS5.8AI score0.00011EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalogadded 2026/05/27 12:0 a.m.12 views

TanStack Unspecified Vulnerability

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity...

9.6CVSS7.4AI score0.17051EPSS
In wildExploits3
HackRead
HackReadadded 2026/05/15 8:55 p.m.4 views

The Next Cybersecurity Challenge May Be Verifying AI Agents

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential...

5.8AI score
Exploits0
Veracode
Veracodeadded 2026/05/12 7:56 p.m.11 views

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...

9.6CVSS6AI score0.17051EPSS
Exploits3References7Affected Software42
NVD
NVDadded 2026/05/12 1:16 a.m.13 views

CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS0.17051EPSS
Exploits3References5
EUVD
EUVDadded 2026/05/11 5:58 p.m.1 views

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

9.1CVSS5.8AI score0.0003EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.3 views

PT-2026-24800

Name of the Vulnerable Software and Affected Versions Unity Catalog versions 0.4.0 and earlier Description Unity Catalog is an open, multi-modal Catalog for data and AI. A critical authentication bypass exists in the Unity Catalog token exchange endpoint, /api/1.0/unity-control/auth/tokens. The...

9.1CVSS5.8AI score0.0003EPSS
Exploits0References14
Microsoft Malware Protection
Microsoft Malware Protectionadded 2020/12/21 10:3 p.m.42 views

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...

0.4AI score
Exploits0
Rows per page
Query Builder