Lucene search
K

261 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 3:36 p.m.6 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

vercel 信息泄露漏洞

Vercel is an open-source cloud platform for application development and deployment. Versions of Vercel from 50.16.0 to 52.0.0 have a vulnerability related to information leakage. This vulnerability arises when commands that cannot be executed autonomously are run in non-interactive mode. If...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/11 3:55 p.m.15 views

Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades

Impact Self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or...

8.6CVSS5.9AI score0.38696EPSS
Exploits9References5Affected Software1
HackRead
HackRead
added 2026/05/11 10:34 a.m.31 views

Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites

Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 12:5 a.m.6 views

@caliperai/caliper (>=0.2.0 <=0.3.0), @doccov/api (>=0.6.0 <=0.6.4) +12 more potentially affected by CVE-2026-44479 via vercel (>=50.41.0 <=51.8.0)

vercel NPM version =50.41.0, =0.2.0, =0.6.0, =0.3.0-rc.2, =3.10.3, =1.1.1, =1.0.1, =1.0.2, =0.1.19, =0.4.0-rc.3, =1.0.0, =2.0.0 Source cves: CVE-2026-44479 Source advisory: OSV:GHSA-PGF8-2HGJ-GRQG...

5.5CVSS5.7AI score0.0016EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/07 12:5 a.m.9 views

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output vulnerability discovered by ? in WordPress Npm vercel versions = 50.16.0, = 52.0.0...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/07 12:5 a.m.6 views

@caliperai/caliper (>=0.2.0 <=0.3.0), @doccov/api (>=0.6.0 <=0.6.4) +12 more potentially affected by CVE-2026-44479 via vercel (>=50.41.0 <=51.8.0)

vercel NPM version =50.41.0, =0.2.0, =0.6.0, =0.3.0-rc.2, =3.10.3, =1.1.1, =1.0.1, =1.0.2, =0.1.19, =0.4.0-rc.3, =1.0.0, =2.0.0 Source cves: CVE-2026-44479 Source advisory: SNYK:JS-VERCEL-16638653...

5.5CVSS5.7AI score0.0016EPSS
Exploits0
OSV
OSV
added 2026/05/07 12:5 a.m.4 views

GHSA-PGF8-2HGJ-GRQG Vercel: Non-interactive mode includes CLI arguments in suggested command output

Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 12:5 a.m.50 views

Insertion of Sensitive Information into Log File

Overview vercel is a The command-line interface for Vercel Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the suggested follow-up commands in --non-interactive mode or auto-detected AI agent when a command cannot complete autonomously. An...

6.8CVSS5.8AI score0.0016EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 12:5 a.m.10 views

Vercel: Non-interactive mode includes CLI arguments in suggested command output

Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/04/23 8:40 a.m.13 views

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra se...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/20 9:21 p.m.9 views

Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved

Vercel confirms a breach linked to Context.ai as a hacker lists alleged data for $2M. ShinyHunters denies involvement and flags imposters...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/20 1:41 p.m.15 views

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push...

10CVSS8AI score0.99897EPSS
Exploits67
The Hacker News
The Hacker News
added 2026/04/20 3:35 a.m.11 views

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence AI tool, that was used by an employee at the...

5.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/04/20 12:0 a.m.7 views

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supp...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/15 11:21 p.m.6 views

MAL-2026-2905 Malicious code in simple-auth-basic (npm)

simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/09 2:5 p.m.10 views

Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/04/09 2:5 p.m.5 views

MAL-2026-2527 Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/09 2:4 p.m.12 views

Malicious code in sjs-lint-build1 (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

5.9AI score
Exploits0References2
Rows per page
Query Builder