1982 matches found
Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18539)
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18425)
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
n.eko 输入验证错误漏洞
n.eko is a self-hosted virtual browser developed by Miroslav Šedivý, using Docker and WebRTC. Versions 3.0.0 to 3.0.10, as well as 3.1.0 to 3.1.1, have vulnerabilities related to input validation. These vulnerabilities allow any authenticated user to instantly gain complete control over the entir...
Malicious code in npm-doc-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...
Malicious code in @than-xs/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c613873d188e4ec1b5e30520478eb5e162c8f2b10cad3dd50e0973d9ca925034 The package @than-xs/libsignal-node was found to contain malicious code. Source: ghsa-malware...
CVE-2026-33032: Nginx UI Missing MCP Authentication
Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early Marc...
Malicious code in ms-affiliate-links (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341048b16926b4d40796ca96aef3816934a2b84602c26451638154b6d90ab5d8 The package ms-affiliate-links was found to contain malicious code. Source: ghsa-malware...
Microsoft Office Remote Code Execution
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...
CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in etsy-advocacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...
Malicious code in pubnub-element (npm)
Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...
MAL-2026-2635 Malicious code in pubnub-element (npm)
Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...
CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...
CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...
CI4MS 访问控制错误漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained a access control vulnerability. This vulnerability stemmed from the reliance on volatile cache checks for routing protection, which could lead to ineffective protection when the...
Malicious code in base-or-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...
CVE-2026-33032
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...