Lucene search
K

15201 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Remote Desktop Client Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS7.4AI score0.00473EPSS
Exploits0
OSV
OSV
added 2026/06/09 7:55 a.m.10 views

MAL-2026-5357 Malicious code in farming-tools-12 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 7:55 a.m.11 views

MAL-2026-5359 Malicious code in swap-sdk-87 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Inflated version...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/09 7:53 a.m.10 views

MAL-2026-5351 Malicious code in @demica/shared (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/shared at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 7:52 a.m.9 views

MAL-2026-5350 Malicious code in @demica/resources (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/resources at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:26 a.m.13 views

Malicious code in solana-core-4 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

5.5AI score
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...

7.8CVSS5.9AI score0.00097EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Microsoft Active Directory Domain Services 缓冲区错误漏洞

Microsoft Active Directory Domain Services is a key service provided by Microsoft Corporation in the United States. It is used to manage and organize resources, users, computers, and other security objects within a network. There are security vulnerabilities associated with Microsoft Active...

8.8CVSS5.8AI score0.01124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47945

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This allows an unauthorized attacker to execute code locally within Microsoft Outlook and Word...

8.4CVSS7.3AI score0.00438EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47912

Name of the Vulnerable Software and Affected Versions Windows Deployment Services affected versions not specified Description A use after free issue in Windows Deployment Services allows an unauthorized remote attacker to execute arbitrary code over a network, potentially affecting the entire...

8.1CVSS6AI score0.00589EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48009

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A heap-based buffer overflow occurs when an...

7.8CVSS6.5AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.9 views

PT-2026-47917

Name of the Vulnerable Software and Affected Versions Remote Desktop Client affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code over a network, which can affect the system. A heap-based buffer overflow occurs when an...

7.6CVSS6.5AI score0.00461EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

5.9AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47520

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the ServiceWorker component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox ...

9.6CVSS6.7AI score0.01654EPSS
Exploits4References86
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/07 4:50 a.m.11 views

SUSE CVE-2026-10926

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. Chromium security severity: High...

8.8CVSS6AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.15 views

PT-2026-47129

Name of the Vulnerable Software and Affected Versions LearnPress – Backup & Migration Tool versions prior to 4.1.5 Description The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or...

6.6CVSS5.8AI score0.0045EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/05 8:29 p.m.15 views

EUVD-2026-32923

TinyMCE Cross-Site Scripting XSS vulnerability through mce:protected comments...

8.7CVSS5.4AI score0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.14 views

CVE-2026-34371

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

6.3CVSS5.6AI score0.00258EPSS
Exploits1References1
Rows per page
Query Builder