Lucene search
K

1852 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46194

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46163

Name of the Vulnerable Software and Affected Versions Acer Connect M6E 5G Portable WiFi Router affected versions not specified Description Engineering diagnostics and factory-level diagnostic software are exposed on retail builds. This allows malicious applications to obtain write privileges to...

9.8CVSS5.5AI score0.0029EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 2:17 p.m.18 views

CVE-2026-9844

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Roche Diagnostics navify Digital Pathology 安全漏洞

Roche Diagnostics navify Digital Pathology is an enterprise-level digital pathology software platform developed by Roche Diagnostics for the management and collaboration of pathological images. Versions 2.0.0 to 2.4.1 of Roche Diagnostics navify Digital Pathology contained security vulnerabilitie...

8.8CVSS5.3AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 6:20 p.m.9 views

Incomplete List of Disallowed Inputs

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by supplying a sandb...

8.2CVSS5.9AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 6:20 p.m.13 views

GHSA-9G8X-92Q2-P28F NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

8.2CVSS5.8AI score0.00308EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 6:20 p.m.19 views

NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/29 3:20 p.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the getdiagnostics process. An attacker can execute arbitrary code with the server's operating system privileges by placing a malicious .csproj file that references an attacker-controlled DLL in a location...

8.5CVSS6.2AI score0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 12:54 p.m.12 views

CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

7.8CVSS6.4AI score0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 12:54 p.m.27 views

CVE-2026-45555

Summary : The Roslyn CodeLens MCP Server (MCP) processes Diagnostics via get_diagnostics, loading all DiagnosticAnalyzer assemblies in the target solution without any allowlist, signature check, or user confirmation. From versions 0.0.9–1.17.0, this enables arbitrary code execution in the MCP ser...

7.8CVSS6.4AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-45023

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...

7.8CVSS6.1AI score0.00143EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 11:35 a.m.13 views

Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 11:35 a.m.15 views

MAL-2026-4527 Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score
Exploits0References1
Fedora
Fedora
added 2026/05/21 11:21 p.m.14 views

[SECURITY] Fedora 44 Update: cockpit-362-1.fc44

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

8CVSS7AI score0.01016EPSS
Exploits0
Snyk
Snyk
added 2026/05/20 7:7 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.10 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 7:28 p.m.10 views

GHSA-3278-C88V-XRH4 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder