894 matches found
EUVD-2025-209542
HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...
CVE-2026-33472
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
CVE-2026-2491
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2026-22782 RustFS RPC signature verification logs shared secret
RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...
MiracleLinux 4 : kernel-2.6.32-71.18.1.el6 (AXSA:2011-80:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-80:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2022-0650
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...
CVE-2020-17409
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists...
MAL-2025-164956 Malicious code in rita-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fcc607f31bd5cf42110cad6b66327491db2f2ef4ebe17ca5d3578797c7855e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154114 Malicious code in cinta-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5c61ecc41ce209f6f2be2e0780498ff360ac97408fc1c374f2d48ec0c3da2d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09e4e7f83ba4634888b82b9c3c858c5f5617cdb29308b6c517f111c8333d1d1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152442 Malicious code in alvino-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d4678c7c982934283da80b87316d30b6e0c2510004c69aef803a923eaad1ca4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152524 Malicious code in alvira-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45ae25b9bc88f839160f304692f2b06162bb31500c0a9c69c836ceb53247e570 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45ae25b9bc88f839160f304692f2b06162bb31500c0a9c69c836ceb53247e570 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156594 Malicious code in intan-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865d04b4b677a6a39047ee5cec1e542211b9ab6259297797c3bf104703289ec6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5c61ecc41ce209f6f2be2e0780498ff360ac97408fc1c374f2d48ec0c3da2d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aril-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a252f6104841e35e7abe961928b7b691dba6e483814713796fa05f189d6eb6c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hariyono-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 618650488eb55ee940f7cf0fe2478240c4105342a1f30316e4e5cf3f2186679e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156064 Malicious code in icha-80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 681c08c3e6f28e6be2203a3382c9c5242aceda8eddfe9cad5156fce6c682ac58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74238
Malicious code in slightreptilesalmon-80 npm...