Lucene search
K

1982 matches found

CNVD
CNVD
added 2026/04/22 12:0 a.m.7 views

Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18539)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

7.5CVSS7.7AI score0.00197EPSS
Exploits0
CNVD
CNVD
added 2026/04/22 12:0 a.m.9 views

Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18425)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

7.5CVSS7.7AI score0.00107EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

7.5CVSS7.2AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

7.5CVSS7.2AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

n.eko 输入验证错误漏洞

n.eko is a self-hosted virtual browser developed by Miroslav Šedivý, using Docker and WebRTC. Versions 3.0.0 to 3.0.10, as well as 3.1.0 to 3.1.1, have vulnerabilities related to input validation. These vulnerabilities allow any authenticated user to instantly gain complete control over the entir...

8.8CVSS5.8AI score0.00437EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/20 6:34 a.m.7 views

Malicious code in npm-doc-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 2:11 p.m.7 views

Malicious code in @than-xs/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c613873d188e4ec1b5e30520478eb5e162c8f2b10cad3dd50e0973d9ca925034 The package @than-xs/libsignal-node was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/04/16 7:44 p.m.7 views

CVE-2026-33032: Nginx UI Missing MCP Authentication

Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early Marc...

9.8CVSS7.3AI score0.38477EPSS
Exploits15
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 11:47 a.m.8 views

Malicious code in ms-affiliate-links (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341048b16926b4d40796ca96aef3816934a2b84602c26451638154b6d90ab5d8 The package ms-affiliate-links was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/14 12:0 a.m.10 views

Microsoft Office Remote Code Execution

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...

9.3CVSS6.4AI score0.43063EPSS
In wildExploits4
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.4 views

CVE-2026-33784

A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...

9.8CVSS5.8AI score0.00456EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.8 views

Malicious code in stats-api-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.11 views

Malicious code in etsy-advocacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 6:14 a.m.8 views

Malicious code in pubnub-element (npm)

Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/13 6:14 a.m.3 views

MAL-2026-2635 Malicious code in pubnub-element (npm)

Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/04/09 10:16 p.m.11 views

CVE-2026-33784

A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...

9.8CVSS0.00456EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:36 p.m.2 views

CVE-2026-33784

A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...

9.8CVSS5.9AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

CI4MS 访问控制错误漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained a access control vulnerability. This vulnerability stemmed from the reliance on volatile cache checks for routing protection, which could lead to ineffective protection when the...

8.1CVSS5.8AI score0.00421EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:10 a.m.13 views

Malicious code in base-or-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.5 views

CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.9AI score0.38477EPSS
Exploits4References1
Rows per page
Query Builder