Lucene search
K

124 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in google-caja-bower (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a [email protected] declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the...

6.1AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.10 views

EUVD-2026-38768

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 3:16 a.m.10 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:37 a.m.34 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:37 a.m.3 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS5.8AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 2:37 a.m.10 views

EUVD-2026-38208

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS5.8AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:37 a.m.13 views

CVE-2026-11748

The CVE affects centraldogma-server-auth-shiro

6.9CVSS5.8AI score0.00386EPSS
Exploits0References1
CERT
CERT
added 2026/06/22 12:0 a.m.8 views

Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0

Overview Two vulnerabilities have been identified in FastStone Image Viewer 8.3 that may allow remote code execution or control-flow corruption when processing specially crafted image files. The affected components include the JPEG 2000 JP2 parser and the PSD file parser. An attacker can exploit...

7.5CVSS7.2AI score0.00571EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/12 1:11 p.m.96 views

Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 1:11 p.m.79 views

-Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/28 8:16 p.m.9 views

UBUNTU-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/28 7:2 p.m.10 views

CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 1:0 a.m.18 views

MAL-2026-4726 Malicious code in weavedb-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2da95bd75489853f6b09a9aef5a5ee03ee6715b41dac446d29f273c750027a3 package.json declares "preinstall": "./dist/runtime.node", which directly executes a 976KB Linux ELF binary at every npm install. The .node extension...

5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

PaperCut MF 安全漏洞

PaperCut MF is a multi-functional printer control software developed by the Australian company PaperCut. Version 25.0.4 of PaperCut MF contains a security vulnerability. This vulnerability stems from insufficient path validation and cleanup measures, which may allow authenticated administrators t...

4.9CVSS5.8AI score0.00376EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/23 5:15 a.m.125 views

hangover-ctf-wolfpack-deals

🎰 The Hangover CTF — Machine 1: Wolfpack Deals "What happe...

8.8CVSS7.1AI score0.43988EPSS
Exploits27
RedhatCVE
RedhatCVE
added 2026/04/16 9:59 a.m.7 views

CVE-2026-40193

A flaw was found in maddy, a composable mail server. This LDAP Lightweight Directory Access Protocol injection vulnerability allows a remote attacker to inject arbitrary LDAP filter expressions into username fields during authentication. By exploiting this, an attacker can achieve identity...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 11:3 a.m.9 views

MAL-2026-2449 Malicious code in mgc (npm)

Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...

6.1AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/31 4:46 p.m.141 views

web-vuln-scanner

web-vuln-scanner A modular...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.7 views

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References1
Rows per page
Query Builder