Lucene search

10 matches found

RedhatCVE
added 2025/12/03 5:1 p.m. | 5 views

CVE-2025-13828

Summary: A non-privileged user can install and remove arbitrary packages via composer for a composer-based install, even if the flag in update settings for enable composer based update is unticked. Impact: A low-privileged user of the platform can install malicious code to obtain higher privileges...

9 CVSS | 7.2 AI score | 0.00215 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 2 views

Malicious code in transform-webdriver-mocha-webdriver-mocha-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e5abf93e13670c0204d1213efaf2185a6c74e9b7579971752240918009cebe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

EUVD
added 2025/11/11 4:25 a.m. | 1 views

EUVD-2025-86540

Malicious code in dewi-soto46-miaww npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-14756

Malicious code in bioql PyPI...

9.3 CVSS | 6.5 AI score | 0.0036 EPSS
Exploits: 0 | References: 2

NVD
added 2025/04/02 10:15 p.m. | 22 views

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3 CVSS | 0.0036 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2024/12/02 12:0 a.m. | 7 views

PT-2024-9247 · Solana · @Solana/Web3.Js

Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions 1.95.6 through 1.95.7 Description: A publish-access account was compromised for @solana/web3.js, a JavaScript library commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious...

8.3 CVSS | 6.3 AI score | 0.00431 EPSS
Exploits: 0 | References: 16

OSV
added 2021/11/12 10:15 p.m. | 12 views

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPI. MITRE classifies this weakness as...

8.8 CVSS | 8.9 AI score
Exploits: 0 | References: 1

ATTACKERKB
added 2021/11/12 10:15 p.m. | 2 views

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPI. MITRE classifies this weakness as...

8.8 CVSS | 7.7 AI score | 0.01971 EPSS
Exploits: 0 | References: 2

exploitpack
added 2018/12/30 12:0 a.m. | 32 views

Deepin Linux 15 - lastore-daemon Local Privilege Escalation

Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...

0.4 AI score
Exploits: 0

Tenable Nessus
added 2013/01/24 12:0 a.m. | 23 views

RHEL 6 : Red Hat Network Satellite spacewalk-backend (RHSA-2012:0436)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0436 advisory. Red Hat Network RHN Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote...

5 CVSS | 5.8 AI score | 0.03016 EPSS
Exploits: 0 | References: 5