Lucene search
+L

1861 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.11 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:17 p.m.13 views

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:17 p.m.42 views

CVE-2026-47141

CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:17 p.m.3 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS6AI score0.00308EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.16 views

Malicious code in pui-diagnostics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/11 1:54 p.m.13 views

Malicious Package

Overview pui-diagnostics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:54 p.m.9 views

MAL-2026-5670 Malicious code in pui-diagnostics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:7 a.m.14 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by an identity spoofing vulnerability

Summary The security issue described in CVE-2026-8644 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9.1CVSS5.3AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:4 a.m.13 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed WebSphere Application Server traditional is affected by remote code execution

Summary The security issue described in CVE-2026-9319 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9CVSS5.3AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:0 a.m.17 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is affected by remote code execution.

Summary The security issue described in CVE-2026-9330 and CVE-2026-9311 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS5.4AI score0.00508EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/07 12:0 p.m.46 views

proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0
OSV
OSV
added 2026/06/07 12:0 p.m.82 views

RUSTSEC-2026-0173 proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

7.1CVSS5.6AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.12 views

CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS7.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.8 views

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

9.8CVSS5.5AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-9844

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS5.4AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-46988

Name of the Vulnerable Software and Affected Versions Omni affected versions not specified Description An authenticated Operator can perform a same-host path traversal by exploiting the managementServer.CreateSchematic internal/backend/grpc/schematics.go function. The issue occurs because the...

2.7CVSS5.9AI score0.00043EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 12:4 p.m.12 views

EUVD-2026-34247

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.10 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 a.m.14 views

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

9.8CVSS0.0029EPSS
Exploits0References1
Rows per page
Query Builder