Lucene search
K

7836 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:1 a.m.9 views

Malicious code in nodepathbalance54 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/19 5:1 a.m.6 views

MAL-2026-6192 Malicious code in nodepathbalance54 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...

6AI score
Exploits0References2
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46816

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46815

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.11 views

CVE-2026-46768

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS0.0015EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 10:40 a.m.4 views

UBUNTU-CVE-2026-35275

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Shared Folders. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS5.9AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49902

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...

6CVSS5.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49949

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

6CVSS5.8AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49982

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue in the Core component of Oracle VM VirtualBox allows a high-privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful...

3.2CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49981

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system,...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49947

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-49850

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Shared Folders component of Oracle VM VirtualBox. A low-privileged attacker with logon access to the infrastructure where the software executes can compromise the system...

7.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS5.1AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.25 views

PT-2026-49093

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description Insecure deserialization occurs in glances/outdated.py because the load cache function uses pickle.load to read a version-check cache file. This file is stored at predictable, world-accessible paths...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.17 views

PT-2026-49092

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The KVM/QEMU monitoring engine in the glances/plugins/vms/engines/virsh.py file fails to sanitize VM domain names retrieved from the virsh list --all output. These names are passed into f-string...

7.8CVSS6.3AI score0.00213EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 3:16 p.m.11 views

CVE-2026-47139

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.10 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:15 p.m.28 views

CVE-2026-47139 vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS0.00282EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

8.5CVSS0.00487EPSS
Exploits0References3
Rows per page
Query Builder