219841 matches found
CVE-2026-7686
Eyeo Adblock Plus (Chrome) up to 4.36.2 contains a vulnerability in postMessage handling within premium.preload.js (Legacy Premium Activation). Exploitation allows improper access controls with remote execution; the attack is publicly disclosed. The vendor notes the legacy activation path is depr...
CVE-2026-7686 eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...
MAL-2026-3240 Malicious code in timesmcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 访问控制错误漏洞
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform is a power operation and maintenance cloud platform developed by Acrel Corporation. Version 1.3.0 of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform contains an access control...
PT-2026-36730
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...
crmeb_java 访问控制错误漏洞
crmebjava is an open-source e-commerce system developed by CRMEB. Versions of crmebjava 1.3.4 and earlier contained a access control vulnerability. This vulnerability stemmed from unknown code in the Admin Upload component, specifically in the...
Malicious code in timermcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 999846a0fc964a7818742a15f547ddd0b154f6ca559902c048c3f478a681c64c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3239 Malicious code in timermcplib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 999846a0fc964a7818742a15f547ddd0b154f6ca559902c048c3f478a681c64c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
copy-success — CVE-2026-31431 Compensating Control A defensiv...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 - cPanel & WHM Authentication Bypass Proof of C...
ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
...
crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed
...
Exploit for Insufficient Granularity of Access Control in Microsoft
CVE-20...
MAL-2026-3230 Malicious code in currenttimerpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccd5c81889e68b6ae8a0e8ef90b7c3a4dc447b08872ad6ac48ce94804985379d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Malicious code in timermcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a3fb8935c61e214bb5bdfe858c15d8d00fce16ae5a8ee00d88af7c1aa363e656 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3231 Malicious code in timermcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a3fb8935c61e214bb5bdfe858c15d8d00fce16ae5a8ee00d88af7c1aa363e656 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
[SECURITY] Fedora 42 Update: openvpn-2.6.20-1.fc42
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
SUSE CVE-2026-31709
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl buildsecdesc and idmodetocifsacl derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security...
SUSE CVE-2026-31712
In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smbcheckpermdacl Both ACE-walk loops in smbcheckpermdacl only guard against an under-sized remaining buffer, not against an ACE whose declared ace-size is smaller than the struct it claims to...
cups: Fix of CVE-2026-34980
CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...