Lucene search
K

908720 matches found

OSV
OSV
added 2 hours ago2 views

GHSA-4X34-CHG5-MWJJ chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)

In Chmoder::chmod the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the last file processed: if self.recursive r = self.walkdirwithcontextfile, true; // overwrites r else r = self.chmodfilefile.andr; PoC: GNU returns 1 when a file fails;...

5.5CVSS0.00142EPSS
Exploits0References6
OSV
OSV
added 3 hours ago2 views

MAL-2026-6821 Malicious code in express-guardrail (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40e91ddac990897c8c43891c5abf64696a0e9d9d4b168e7a6e5f4a827e4f040d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6824 Malicious code in grid-settings-align (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 696960009dccd5c40b2e14ee388bfdc16e5d789837ac525fa001dfecf46a63bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6823 Malicious code in graphpilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ba930987b1e5df4c920a45712e2ab677a198b3133e2552ea45cb4c482a4138b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6822 Malicious code in fastnodemailer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6818 Malicious code in env-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d885afbe55405d7c329ba1537aae51888c8aa9145f34ab7fdca23ca0abc0a11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6815 Malicious code in elevate-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6574bfcc569cf15bf54acc374665dae91fda15e45c8e75b7fda9a6e83c3bdba4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6820 Malicious code in express-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32d2aa353711781fe6c36cdd812494ae741f85925d1bebdb2a21532dee6800cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6813 Malicious code in custom-log-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c9faa938597e0a32ee3af2079e27bf57cb7cbe8953841b03fe33d51a154899d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6819 Malicious code in es-lint-builders (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec094e38f1632c5f92fcea7af0221e0a96849d11448351018aedddfd72e61ed3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6807 Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3b42bbdadaf453f0ae5f3be0f2455ec5c57217e988927fd501ff6320a361ee9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6817 Malicious code in emojiprint-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e1f2c1157f93778d4e687d45025624a3a140c5aa3185ea71a8f396a98a77e83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6816 Malicious code in emojiprint-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cbf02130e84c5829369887b3e109fbf7ad94e2fbf4b4b2ca82c28f0059a7ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6814 Malicious code in devkit-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 581ed217608ccad453288981a19091bbc57aac7b6dda9aa2b682485cc68c5008 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6808 Malicious code in chain-await-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77e7f01c553ac23e33093f616c3643869064c384e748db9a383cdcf854a07976 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6812 Malicious code in cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6811 Malicious code in chalks-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 869473c144b82d7a8d2b10aee4e19061c20e777604902932a3c14632aea446b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6809 Malicious code in chalk-logger-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 575cc2964157bd7bee9bc0c7b318af484ea57a2d89a904cd8fe8bf978809f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6810 Malicious code in chalk-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a36409ecc80ae4c159621da4530caf78fa06d5003dd2a55e18da3ae92b434cfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6805 Malicious code in bn-eslint.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 785a92c33fd3d68edb85175bcebc327153c670bfd484b1dac7214ef630a5751e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6804 Malicious code in bigint.os (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b9150908680087aff7c23e7b04f23a31a7ed89d76047327d7a34d068fd0369e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6806 Malicious code in bn-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abaee8f5214f1143815e70bd6c329b82b418cdf6232715eb3b64d32547407a50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6803 Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6802 Malicious code in big-numerator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0dccb01f7340af44c63ea12b77f16ef33e431f6c7dbd6252b52f0de9d13680b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6800 Malicious code in big-numer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d33c6d4bf0076dbf6ad1f01662441a53e90d5df9d6c7fd1f14359161f5a0fe08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6801 Malicious code in big-numerate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce8db0e9acf515c5cbd257b94ec544bc6b268e27ca8147bfe1b9ec4316e8d4ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6798 Malicious code in argonflux (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac7feeef8f690a4bff32cb47e1725046d4c0ae9a1abdf45ac4b434f59d314320 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6799 Malicious code in awesome-cli-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8126f65c2eaf406ae6c6510e03e8bbef8f243974be621b7e38a0c52d9e521a18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6826 Malicious code in rollup-plugin-polyfill-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb53d850b987c8153dfa2ccba3634b4d653dbd66c8ed73198270232aa7562066 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

MAL-2026-6797 Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51f21ca8cb459221a26134e631f974e5a26cb292386a957c75da31b538119c61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploits0References1
OSV
OSV
added 3 hours ago2 views

RLSA-2026:35833 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

8.7CVSS6.8AI score0.00651EPSS
Exploits0References6
OSV
OSV
added 4 hours ago2 views

GHSA-4C7Q-4928-8445 chmod: --preserve-root bypassed by any path that resolves to root (e.g. /../)

Chmoder::chmod only compares the literal argument against Path::new"/", so the --preserve-root guard is bypassed by any path that resolves to root — a symlink to / or simply /../. if self.recursive && self.preserveroot && file == Path::new"/" return ErrChmodError::PreserveRoot"/".tostring.into; P...

7.3CVSS6AI score0.00175EPSS
Exploits0References6
OSV
OSV
added 4 hours ago2 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS
Exploits0References2
OSV
OSV
added 4 hours ago2 views

GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...

7.1CVSS
Exploits0References2
OSV
OSV
added 4 hours ago2 views

GHSA-7JVP-HJ45-2F2M Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)

Description When a host pushes a CLR object into a Scriban TemplateContext via the standard, documented pattern — var so = new ScriptObject; so"user" = currentUser; // direct CLR reference context.PushGlobalso; — TypedObjectAccessor exposes every public-getter property for both reading and writin...

8.7CVSS
Exploits0References2
OSV
OSV
added 4 hours ago3 views

GHSA-JHHC-3HCP-QHM5 WeasyPrint has CSS Injection via Presentational Hints

Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...

6.5CVSS
Exploits0References2
OSV
OSV
added 4 hours ago2 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS0.00017EPSS
Exploits0References3
OSV
OSV
added 5 hours ago3 views

GHSA-XJ53-J257-HXVG OpenRemote read-only asset users can write predicted datapoints

Summary The predicted datapoint write endpoint allows users with only read:assets privileges to write predicted datapoints. The endpoint: text PUT /api/realm/asset/predicted/assetId/attributeName accepts write requests from users lacking write:assets. The implementation appears to check READASSET...

4.3CVSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

GHSA-565M-G33J-JQ96 Formie Hidden field defaults vulnerable to Server-Side Template Injection

Summary Formie Hidden fields could evaluate request-derived values as Twig during front-end form rendering. When a Hidden field used a dynamic default value such as HTTP User Agent, Referer URL, Current URL, Query Parameter, or Cookie Value, the value was copied from the incoming request and late...

9.8CVSS
Exploits0References2
OSV
OSV
added 5 hours ago3 views

DEBIAN-CVE-2026-13705

Bulletin has no description...

5.9AI score
Exploits0References1
OSV
OSV
added 5 hours ago3 views

DEBIAN-CVE-2026-13708

Bulletin has no description...

7.5CVSS
Exploits0References1
OSV
OSV
added 5 hours ago2 views

GHSA-55F6-PF8R-C2F4 Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)

Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "UNIT CELL TRANSLATION" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the UNIT CELL...

7.8CVSS0.00816EPSS
Exploits1References6
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0 through 11.0.4, from 10.1.0 through...

7.3CVSS0.00431EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

6.5CVSS5.9AI score0.00383EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

7.3CVSS5.9AI score0.00413EPSS
Exploits0References3
OSV
OSV
added 5 hours ago2 views

BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...

6.1CVSS5.9AI score0.00357EPSS
Exploits0References3
Total number of security vulnerabilities908720