
Source: NVD

CVE-2026-14534

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist in fickle.py. Because these modules are absent from the denylist, fickling's check_safety function returns LIKELY_SAFE with zero...

CVSS: 8.8 | Exploits: 0 | References: 4
Source: OSSF Malicious Packages

Malicious code in vps-maintenance-paperclip-adapter (npm)

Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3. package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

AI score: 6.1 | Exploits: 0 | References: 1
Source: OSV

MAL-2026-6757 Malicious code in vps-maintenance-paperclip-adapter (npm)

Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3. package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

AI score: 6.1 | Exploits: 0 | References: 1
Source: OSSF Malicious Packages

Malicious code in paperclip2 (npm)

Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848. package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

AI score: 6.5 | Exploits: 0 | References: 1
Source: OSV

MAL-2026-6755 Malicious code in paperclip2 (npm)

Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848. package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

AI score: 6.5 | Exploits: 0 | References: 1
Source: AttackerKB

CVE-2026-14534

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist in fickle.py. Because these modules are absent from the denylist, fickling's check_safety function returns LIKELY_SAFE with zero...

CVSS: 8.8 | AI score: 5.8 | Exploits: 0 | References: 5
Source: CVE

CVE-2026-14534

The CVE-2026-14534 issue affects the Python package fickling, up to version 0.1.10. The root cause is that the UNSAFE_IMPORTS denylist omits three standard library modules — _posixsubprocess, site, and atexit — causing check_safety() to return LIKELY_SAFE and allowing pickle payloads to deseriali...

CVSS: 8.8 | AI score: 5.8 | Exploits: 0 | References: 4
Source: Cvelist

CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist in fickle.py. Because these modules are absent from the denylist, fickling's check_safety function returns LIKELY_SAFE with zero...

CVSS: 8.8 | Exploits: 0 | References: 4
Source: EUVD

EUVD-2026-41675

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist in fickle.py. Because these modules are absent from the denylist, fickling's check_safety function returns LIKELY_SAFE with zero...

CVSS: 8.8 | AI score: 5.8 | Exploits: 0 | References: 4
Source: Nuclei

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVSS: 9.8 | AI score: 6 | EPSS: 0.02991 | Exploits: 4 | References: 3
Source: Nuclei

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.02941 | Exploits: 2 | References: 3
Source: Nuclei

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.0465 | Exploits: 2 | References: 4
Source: Nuclei

Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.04325 | Exploits: 1 | References: 5
Source: Nuclei

Diary Management System 1.0 - Cross-Site Scripting

Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. (Nuclei template id: CVE-2022-29004; author: TenBird; severity: medium.)

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.03453 | Exploits: 1 | References: 5
Source: Nuclei

Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. (Nuclei template id: CVE-2023-24489.)

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.95076 | Exploits: 2 | References: 5
Source: Nuclei

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

CVSS: 9.8 | AI score: 6 | EPSS: 0.03304 | Exploits: 2 | References: 3
Source: Nuclei

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. (Nuclei template id: CVE-2023-34752; author: theamanrawat; severity: critical.)

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.05459 | Exploits: 1 | References: 5
Source: Nuclei

Microweber <1.2.11 - Stored Cross-Site Scripting

Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. (Nuclei template id: CVE-2022-0954; author: amit-jd; severity: medium.)

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.03197 | Exploits: 1 | References: 5
Source: Nuclei

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

CVSS: 9.8 | AI score: 8 | EPSS: 0.98342 | Exploits: 7 | References: 6
Source: Nuclei

Oracle E-Business Suite <=12.2 - Authentication Bypass

The Manage Proxies component of Oracle E-Business Suite 12.1 and 12.2 is susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.70589 | Exploits: 1 | References: 5