4335 matches found

OSV
added 2026/05/01 4:52 p.m., 12 views

MAL-2026-3216 Malicious code in httpx-utils (PyPI)

Source: kam193 5d3d6ca7ec9867abcf3fb8a0170ca44801107a64fb1ff7f9aa437dd7b1f59845 During installation, package downloads and executes next-stage script that then downloads a Sliver beacon and establishes persistence via a systemd...

AI score: 5.8
Exploits: 0, References: 2
GithubExploit
added 2026/04/30 9:50 a.m., 75 views

Exploit for Embedded Malicious Code in Tukaani Xz

Security Review: CVE-2024-3094 XZ Utils Backdoor Author:...

CVSS: 10, AI score: 8.9, EPSS: 0.85974
Exploits: 40
Tenable Nessus
added 2026/04/30 12:0 a.m., 7 views

Amazon Linux 2023 : maven3.9, maven3.9-amazon-corretto8, maven3.9-amazon-corretto11 (ALAS2023-2026-1602)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1602 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00663
Exploits: 0, References: 4
Amazon
added 2026/04/30 12:0 a.m., 7 views

Important: maven3.9

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: maven3.9 Issue Correction: Run dnf...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00663
Exploits: 0
OSV
added 2026/04/29 11:31 p.m., 5 views

MAL-2026-3193 Malicious code in rblx-http (PyPI)

Source: kam193 b0078ee9b9f6221ab242c9f2442f86670e320a5058c306590b5e5b458066e414 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.8
Exploits: 0, References: 9
OSV
added 2026/04/29 9:21 a.m., 6 views

CLSA-2026-1777454474 plexus-utils: Fix of CVE-2025-67030

CVE-2025-67030: fix Zip Slip / directory traversal in Expand.extractFile canonical path check...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00663
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/28 10:0 p.m., 8 views

Malicious code in core-roblox-utils (PyPI)

Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.7
Exploits: 0, References: 9
OSV
added 2026/04/28 10:0 p.m., 7 views

MAL-2026-3137 Malicious code in core-roblox-utils (PyPI)

Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.8
Exploits: 0, References: 9
OSSF Malicious Packages
added 2026/04/28 9:43 p.m., 7 views

Malicious code in robase-apis (PyPI)

Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.7
Exploits: 0, References: 9
OSV
added 2026/04/28 9:43 p.m., 6 views

MAL-2026-3138 Malicious code in robase-apis (PyPI)

Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.8
Exploits: 0, References: 9
vulnersOsv
added 2026/04/28 8:18 p.m., 2 views

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00573
Exploits: 0
Oracle linux
added 2026/04/28 12:0 a.m., 24 views

oci-utils security update

-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...

AI score: 5.3
Exploits: 0
OSV
added 2026/04/27 6:37 p.m., 7 views

MAL-2026-3104 Malicious code in robase-ui (PyPI)

Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 5.8
Exploits: 0, References: 9
OSV
added 2026/04/27 7:36 a.m., 4 views

ROOT-OS-DEBIAN-13-CVE-2026-34743 CVE-2026-34743 in rootio-xz-utils - Patched by Root

Root has patched CVE-2026-34743 in the rootio-xz-utils package for Root:Debian:13. Multiple fixed versions available...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00351
Exploits: 0
Tenable Nessus
added 2026/04/27 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: xz (UTSA-2026-014304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014304 advisory. XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00351
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/27 12:0 a.m., 15 views

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...

CVSS: 9.8, AI score: 7.4, EPSS: 0.05552
Exploits: 4, References: 7
OSSF Malicious Packages
added 2026/04/26 5:25 p.m., 8 views

Malicious code in @clearpool/utils (npm)

Source: amazon-inspector 81591bb660ad3ae2036615d00a3ff6960ccd2f36789a4f0df65a53ea7a557336 package.json declares preinstall and install lifecycle hooks that collect installer-identifying data whoami, hostname, pwd, $npm_package_name,...

AI score: 5.8
Exploits: 0, References: 1
NVD
added 2026/04/26 6:16 a.m., 10 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVSS: 5.1, EPSS: 0.0018
Exploits: 0, References: 4
Vulnrichment
added 2026/04/26 5:30 a.m., 5 views

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVSS: 5.1, AI score: 4.8, EPSS: 0.0018
Exploits: 0, References: 4
Cvelist
added 2026/04/26 5:30 a.m., 36 views

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVSS: 5.1, EPSS: 0.0018
Exploits: 0, References: 4