Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 8:15 p.m.18 views

LobeHub: Unauthenticated SSRF in `/webapi/proxy`

Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com Summary The /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy code that was vulnerable in...

9CVSS8.4AI score0.52683EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/06/11 6:49 a.m.10 views

MAL-2026-5615 Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 7:1 a.m.15 views

Malicious code in ranno (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1366783d9cb87471f1b5cfeb806508ee83b2a58ded724f8ea45d8391f4f68bc The package's advertised API ex calls gn in ranno/gn.py, which POSTs the caller's prompt — and, when a data= argument is supplied, the absolute file...

6.5AI score
Exploits0References1
OSV
OSV
added 2026/05/22 11:16 a.m.13 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2022-6640

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00999EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/03 9:1 p.m.3 views

CVE-2025-49005 Next.js cache poisoning due to omission of Vary header

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...

3.7CVSS6.8AI score0.00403EPSS
Exploits1References5
Rows per page
Query Builder