Lucene search
K

1394 matches found

OSV
OSV
added 2026/06/11 5:0 a.m.16 views

MAL-2026-5564 Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:0 a.m.17 views

Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.17 views

Malicious code in gethandler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...

6.1AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.8 views

phpVMS 7.0.5 Security Exposure Scanner

This script is a non-destructive security scanner designed to assess phpVMS installations by performing read-only HTTP requests. It fingerprints targets using known phpVMS-related signatures and checks for the presence and accessibility of common importer and administration endpoints...

9.4CVSS5.4AI score0.01173EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2252)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2026-2054)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious SCP server can send unexpected paths that could make the client application override local files outside of working...

8.2CVSS6.8AI score0.58204EPSS
Exploits9References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.13 views

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.5AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.13 views

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS5.4AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.27 views

PT-2026-46879

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score0.00021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score
Exploits0References6
NVD
NVD
added 2026/06/01 7:16 p.m.12 views

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS0.00475EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 5:23 p.m.11 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:23 p.m.9 views

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/01 5:23 p.m.36 views

CVE-2026-45727

CloakBrowser’s cloakserve component is vulnerable to an unauthenticated path-traversal via the fingerprint parameter. Prior to v0.3.28, the fingerprint value is used as a filesystem path component when creating Chrome profile directories, allowing an attacker who can reach the cloakserve port to ...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 5:23 p.m.62 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS0.00475EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:23 p.m.18 views

EUVD-2026-33724

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 5:23 p.m.5 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS6AI score0.00475EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 2:1 a.m.17 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 10:18 p.m.5 views

GHSA-9VP8-3HMV-8FGH stigmem-node's federation peer registration lacked explicit out-of-band approval

Impact Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be...

9.1CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 10:18 p.m.23 views

stigmem-node's federation peer registration lacked explicit out-of-band approval

Impact Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be...

5.8AI score
Exploits0References5Affected Software1
Rows per page
Query Builder