Lucene search
K

251 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.16 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.12 views

MAL-2026-5278 Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in mem8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c765c6eef25d18c5a10057d62908ac3bc1ece86e39a9807683834fb7f896b52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/01 12:0 a.m.7 views

PUB-A-438759342

In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00072EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 9:40 a.m.15 views

EUVD-2026-32856

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.8AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44352

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the drm/amdkfd component allows stale data exposure during VRAM allocation. While the GEM ioctl path correctly sets the AMDGPU GEM CREATE VRAM CLEARED flag for userspace...

5.5CVSS5.9AI score0.00119EPSS
Exploits0
OSV
OSV
added 2026/05/22 1:16 a.m.7 views

MAL-2026-4388 Malicious code in @exocore/exocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...

5.8AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures in case of failure. Wipe all sensitive data from the stack for all IOCTLs that convert a clear-key into a protected-or-safe-key...

4.1CVSS6AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KEYS: Trusted: dcp: Fix for leaking the blob encryption key Trusted keys unseal the key blob upon loading, but keep the sealed payload in the blob field. Thus, every subsequent read export simply converts this field to hexadecima...

5.5CVSS6AI score0.00102EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Fixed call trace warnings and hangs when removing the amdgpu device. On GPUs with RAS enabled, hangs are observed during the shutdown process when checking the call trace. v2: Instead of using the shutdown flag, th...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/09 7:21 p.m.7 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References4
CVE
CVE
added 2026/05/09 7:21 p.m.24 views

CVE-2026-42569

phpVMS 7.x prior to 7.0.6 contains a critical, unauthenticated access flaw in the legacy importer feature that allows manipulation or deletion of data via the importer path. The weakness affects phpVMS 7.x up to 7.0.5 and was fixed in 7.0.6 (with later advisory notes referencing 7.0.7 for mitigat...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/09 7:21 p.m.38 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS0.01173EPSS
Exploits1References4
OSV
OSV
added 2026/05/09 7:21 p.m.2 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS5.9AI score0.01173EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/25 12:28 a.m.3 views

SUSE CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS6AI score0.00124EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/26 3:23 p.m.10 views

Vikunja has Path Traversal in CLI Restore

Summary Path Traversal Zip Slip and Denial of Service DoS vulnerability discovered in the Vikunja CLI's restore functionality. Details The restoreConfig function in vikunja/pkg/modules/dump/restore.go of the https://github.com/go-vikunja/vikunja/tree/main repository fails to sanitize file paths...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/02/26 3:23 p.m.8 views

EUVD-2026-8753

Vikunja has Path Traversal in CLI Restore...

7.2CVSS5.2AI score0.00739EPSS
Exploits1References4
OSV
OSV
added 2026/02/26 3:23 p.m.6 views

GHSA-42WG-38GX-85RH Vikunja has Path Traversal in CLI Restore

Summary Path Traversal Zip Slip and Denial of Service DoS vulnerability discovered in the Vikunja CLI's restore functionality. Details The restoreConfig function in vikunja/pkg/modules/dump/restore.go of the https://github.com/go-vikunja/vikunja/tree/main repository fails to sanitize file paths...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-22114

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet generates device lock and wipe PINs using a predictable algorithm based on the current Unix timestamp in affected versions. The PIN could potentially be derived if the approximate time the devic...

9.9CVSS6.9AI score0.22162EPSS
Exploits70References136
Rows per page
Query Builder