Lucene search
K

59 matches found

RedhatCVE
RedhatCVE
added 2026/07/06 2:23 p.m.6 views

CVE-2026-55699

A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References4
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44375

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.00141EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:42 a.m.14 views

Malicious code in @chahuadev/junk-sweeper-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.23 views

CVE-2021-47761 MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

8.5CVSS0.00095EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/15 3:52 p.m.3 views

EUVD-2026-2779

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

8.5CVSS6.4AI score0.00095EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.2 views

CVE-2021-47761 MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

8.5CVSS6.5AI score0.00095EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

MilleGPG5 security vulnerabilities

MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...

8.5CVSS5.8AI score0.00095EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.6 views

CVE-1999-0509

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands...

10CVSS7.8AI score0.33392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/22 1:35 p.m.4 views

CVE-2023-53949

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access...

8.5CVSS6.8AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/19 9:5 p.m.27 views

CVE-2023-53949 AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access...

8.5CVSS0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11067

Malware in sbrugna...

7CVSS6.8AI score0.0108EPSS
Exploits5References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-0022

Malware in sbrugna...

5CVSS6.4AI score0.01138EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-5523

Malware in sbrugna...

5CVSS6.4AI score0.01198EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2001-1563

Malware in sbrugna...

10CVSS6.4AI score0.082EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-1207

Malware in sbrugna...

5CVSS6.4AI score0.01299EPSS
Exploits1References2
CVE
CVE
added 2025/08/15 9:32 a.m.22 views

CVE-2025-9026

CVE-2025-9026 affects D-Link DIR-860L (firmware 2.04.B04). The vulnerability is in the Simple Service Discovery Protocol component, specifically the ssdpcgi_main function in htdocs/cgibin, enabling remote OS command injection. Publicly disclosed exploit indicates active risk, with impact on confi...

9.8CVSS7.7AI score0.03916EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/05/13 10:45 a.m.47 views

CVE-2025-32917

CVE-2025-32917 affects Checkmk’s jar_signature agent plugin. Affected versions are before 2.4.0b7 (beta), before 2.3.0p32, before 2.2.0p42, and 2.1.0p49 (EOL). The vulnerability allows a user with write access to JAVA_HOME/bin to escalate privileges. The provided documents do not contain explicit...

8.8CVSS7.5AI score0.0026EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/20 12:0 a.m.9 views

The vulnerability of the DIR-605L router’s microprogramming software, related to the execution of operations outside the buffer in memory, allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the DIR-605L router’s microprogramming software is related to buffer overflows during the processing of BOA binary files in the bin directory. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...

10CVSS8.4AI score0.01236EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2021/12/08 8:24 p.m.595 views

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...

9.8CVSS9.8AI score0.93514EPSS
Exploits6
Rows per page
Query Builder