Lucene search
+L

2885 matches found

OSV
OSV
added 2026/06/19 9:5 p.m.11 views

MAL-2026-6230 Malicious code in django-auth-middleware-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec On import, djangoauthmiddlewareplus/init.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environme...

5.9AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.67 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS
Exploits16Affected Software1
EUVD
EUVD
added 2026/06/18 4:11 p.m.12 views

EUVD-2026-37908

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/16 11:41 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the GetIssueTemplates, GetIssueConfig, and ValidateIssueConfig API endpoints, which lack proper authorization checks. An attacker can access sensitive configuration files from the Code default branch of a privat...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.143 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20079 WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS5.4AI score0.00778EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 10:5 a.m.14 views

EUVD-2026-36712

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.3AI score0.0012EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:5 a.m.43 views

CVE-2026-34029 Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS0.0012EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49200

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.2AI score0.0012EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/13 6:0 a.m.9 views

CVE-2026-9062 Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

5.5AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/13 6:0 a.m.28 views

CVE-2026-9062

The CVE-2026-9062 entry concerns the Store Locator WordPress plugin (affected versions prior to 1.6.9). The vulnerability arises from insufficient validation of a parameter used in a file path, enabling high-privilege users (e.g., administrators) to read arbitrary PHP files from the server, inclu...

3.4CVSS5.5AI score0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.20 views

PT-2026-49080

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient validation of a parameter used in a file path allows high-privileged users, such as administrators, to read arbitrary .php files from the server. This can lead to...

3.4CVSS5.5AI score0.00248EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.74 views

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...

9.8CVSS5.9AI score0.84158EPSS
Exploits8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:48 a.m.16 views

Malicious code in @sentry-internal-sdk/profiling-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7951165844874f57819b0d63b8c8511e4e9217bf0f9231ec02f06cb6e059c47 Package name @sentry-internal-sdk/profiling-node impersonates the legitimate @sentry/profiling-node Sentry publishes under the @sentry org; no...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48155

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...

5.5AI score0.00118EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/06/05 10:16 p.m.11 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS0.00469EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 9:42 p.m.35 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS0.00469EPSS
Exploits0References3
Rows per page
Query Builder