Lucene search
+L

2512 matches found

OSV
OSV
added 2026/05/23 3:32 p.m.9 views

MAL-2026-4537 Malicious code in cosmosdb-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 925077d4c86616920b1ad20f2342df7473d9504764582235049e78eed9189a76 Package squats the unscoped name cosmosdb-server, targeting users who mistype npx cosmosdb-server instead of the scoped @vercel/cosmosdb-server. The...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 3:22 p.m.17 views

Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 3:22 p.m.10 views

MAL-2026-4610 Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:55 p.m.15 views

Malicious code in randomlogs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c085eee0876092131c3f909facc237674fcfb1e02bafbafcb34230c87b3a3819 The package's main module index.js lines 6-10 exports a function mal that opens a TCP socket to 223.229.156.10:5513 and pipes a spawned shell /bin/sh...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:34 a.m.14 views

Malicious code in prjct-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9 On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...

6.3AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:34 a.m.20 views

MAL-2026-4647 Malicious code in prjct-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9 On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...

6.3AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in TeXeVe-Bin

LuaTeX prior to version 1.17.0 allowed the execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because the luatex-core.lua file allows access to the io.popen function. This issue also affects TeX Live prior to version 2023 r66984 and MiKT...

8.8CVSS7.1AI score0.00804EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhisyncpowerup If amss.bin is missing, ath11k will crash during the ‘rmmod ath11kpci’ command. The reason for this is that we were using mhipowerup, which does not check for any errors. However, mhisyncpowerup do...

5.5CVSS6.2AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Panabit PAP-XM320 操作系统命令注入漏洞

Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...

8.8CVSS6.1AI score0.01667EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.43 views

CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

0.01667EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:0 p.m.11 views

CVE-2026-8753

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

6.5CVSS6.3AI score0.01182EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/17 12:0 p.m.21 views

EUVD-2026-30698

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

6.5CVSS6.3AI score0.01182EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:0 p.m.47 views

CVE-2026-8753 kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

6.5CVSS0.01182EPSS
Exploits0References4
CloudLinux
CloudLinux
added 2026/05/16 3:41 p.m.10 views

libssh2: Fix of 2 CVEs

CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...

9.1CVSS7AI score0.05118EPSS
Exploits0
Veracode
Veracode
added 2026/05/16 5:27 a.m.16 views

Command Injection

Arcane is vulnerable to Command Injection. The vulnerability is due to lifecycle label values such as com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update being passed directly to /bin/sh -c without sanitization, allowing authenticated users to inject...

9CVSS5.9AI score0.01643EPSS
Exploits6References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.11 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5Affected Software1
Nextcloud
Nextcloud
added 2026/05/12 9:10 a.m.16 views

View-only guests could see deleted Collectives pages in the trashbin

None...

2.6CVSS5.8AI score0.00189EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:42 a.m.16 views

Malicious code in @chahuadev/junk-sweeper-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.10 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

5.7AI score0.01235EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.20 views

PT-2026-39570

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi speed/cgi dhcpd lease/cgi ddns/cgi set ip/cgi upnp del/cgi dhcpd/cgi upnp add/cgi upnp edit of the file /cgi-bin/network mgr.cgi. The manipulation leads to os command injection. The attack is possib...

5.8CVSS5.6AI score0.04637EPSS
Exploits1References6
Rows per page
Query Builder