Lucene search
K

205 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.9 views

AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)

An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...

7.2CVSS5.8AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:18 a.m.7 views

MAL-2026-2232 Malicious code in checkmarx.cx-dev-assist (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b821135a3f6a7e85f6ed37a383363979118ad6c7b73433dd4882e99f24264155 This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 6:18 a.m.11 views

Malicious code in checkmarx.cx-dev-assist (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b821135a3f6a7e85f6ed37a383363979118ad6c7b73433dd4882e99f24264155 This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/26 6:18 a.m.7 views

MAL-2026-2231 Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/25 9:28 p.m.18 views

GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4
OSV
OSV
added 2026/03/16 12:0 a.m.9 views

MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)

The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References2
CVE
CVE
added 2026/03/10 8:34 p.m.61 views

CVE-2025-66413

CVE-2025-66413 (Git for Windows) affects the Windows port of Git prior to 2.53.0(2). The issue arises when a user is tricked into cloning from a malicious server, allowing an attacker to obtain the user’s NTLM hash. Because NTLM hashing is weak, the attacker may brute-force the user’s account nam...

7.4CVSS5.8AI score0.00268EPSS
Exploits1References2Affected Software1
Malwarebytes
Malwarebytes
added 2026/03/06 7:35 p.m.15 views

One click on this fake Google Meet update can give attackers control of your PC

A phishing page disguised as a Google Meet update notice is silently handing victims’ Windows computers to an attacker-controlled management server. No password is stolen, no files are downloaded, and there are no obvious red flags. It just takes a single click on a convincing Google Meet fake...

5.7AI score
Exploits0
NVD
NVD
added 2026/01/16 5:15 p.m.7 views

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

9.6CVSS0.06299EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.3 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.00485EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/11/18 10:8 p.m.149 views

xss-lab-hack-v1

🎯 Laboratorio XSS - Práctica de Pentesting Un entorno complet...

6.1AI score
Exploits0
EUVD
EUVD
added 2025/10/29 3:31 p.m.6 views

EUVD-2025-36662

Jenkins Themis Plugin is missing a permission check...

4.3CVSS6.2AI score0.00269EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/10/14 2:0 p.m.7 views

GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

7.5CVSS7.2AI score0.00338EPSS
Exploits0
EUVD
EUVD
added 2025/10/09 10:29 p.m.4 views

EUVD-2025-33396

BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...

4.7CVSS6.4AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.10 views

PT-2025-41395

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitlab module in BBOT may allow an attacker to disclose a GitLab API key to a server under their control by using a maliciously formatted git URL. This could potentially lead to unauthorized...

4.7CVSS5.8AI score0.00213EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.9 views

BBOT 安全漏洞

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that originates in the gitclone module, where a maliciously formatted git URL could lead to the disclosure of GitHub API keys to an attacker-controlled server...

4.7CVSS6.2AI score0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.12 views

BBOT 安全漏洞

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...

4.7CVSS6.3AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32227

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0738

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00508EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28661

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.01259EPSS
Exploits0References3
Rows per page
Query Builder