13373 matches found

Snyk
added 2025/10/14 9:30 p.m., 2 views

Arbitrary Command Injection

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters. An authenticat...

CVSS 9.9, AI score 7.9, EPSS 0.50789
Exploits: 2, References: 2
GithubExploit
added 2025/10/14 8:15 p.m., 176 views

Exploit for CVE-2025-9196

CVE-2025-9196-PoC: This repository contains security research...

CVSS 5.3, AI score 6.7, EPSS 0.00951
Exploits: 1
Snyk
added 2025/10/14 4:45 a.m., 6 views

Malicious Package

Overview: optional-native-module-xyz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/14 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-61921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the...

CVSS 7.5, AI score 5.4, EPSS 0.00448
Exploits: 1, References: 4
Amazon
added 2025/10/14 12:0 a.m., 3 views

Medium: amazon-ecr-credential-helper

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

CVSS 7.5, AI score 6.8, EPSS 0.0056
Exploits: 0
SUSE CVE
added 2025/10/13 11:23 p.m., 5 views

SUSE CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5, AI score 6.8, EPSS 0.00448
Exploits: 1, References: 3
SUSE Linux
added 2025/10/13 7:4 a.m., 9 views

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed issue in the mjson JSON decoder that could have led to excessive resource consumption when processing numbers with large exponents (bsc#1250983). Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 6.9, AI score 7, EPSS 0.00469
Exploits: 0, References: 4
Snyk
added 2025/10/13 3:20 a.m., 0 views

Malicious Package

Overview: webpack-load-css-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:20 a.m., 0 views

Malicious Package

Overview: internallibv190 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:19 a.m., 3 views

Malicious Package

Overview: simple-app-theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:19 a.m., 2 views

Malicious Package

Overview: scr-database is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:1 a.m., 2 views

Malicious Package

Overview: mad-1.2.6.2.2.8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:1 a.m., 1 views

Malicious Package

Overview: mad-1.2.2.2.2.8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Snyk
added 2025/10/13 3:1 a.m., 1 views

Malicious Package

Overview: mad-1.2.4.2.2.8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
OSV
added 2025/10/13 1:15 a.m., 3 views

CVE-2025-11653

A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilize...

CVSS 8.7, AI score 6.1, EPSS 0.00677
Exploits: 1, References: 4
Snyk
added 2025/10/12 11:52 p.m., 3 views

Malicious Package

Overview: react-ui-toast is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
Github Security Blog
added 2025/10/10 8:26 p.m., 7 views

Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary: Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

CVSS 7.5, AI score 7.2, EPSS 0.00582
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2025/10/10 8:15 p.m., 5 views

CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5, EPSS 0.00448
Exploits: 1, References: 5
OSV
added 2025/10/10 8:15 p.m., 4 views

DEBIAN-CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5, AI score 7.3, EPSS 0.00448
Exploits: 1, References: 1
OSV
added 2025/10/10 8:15 p.m., 7 views

UBUNTU-CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5, AI score 7.3, EPSS 0.00448
Exploits: 1, References: 3