Lucene search
K

1071 matches found

OSV
OSV
added 2026/05/20 8:21 a.m.13 views

MAL-2026-4197 Malicious code in pretty-logger-utils (npm)

pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 6:43 a.m.19 views

MAL-2026-4198 Malicious code in terminal-logger-utils (npm)

terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/15 8:16 p.m.23 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS0.00286EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 7:25 p.m.8 views

MAL-2026-3763 Malicious code in exxpress-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/12 8:22 p.m.9 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

7.3CVSS6.5AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29112

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

6.5AI score0.00363EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.14 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

7.3CVSS0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.33 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

0.00363EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

MuuCmf 安全漏洞

MuuCmf is an open-source application development framework created by Dameng100. Version MuuCMF T6 1.9.4.20260115 contains a security vulnerability. This vulnerability stems from the keyword parameter in the /index/controller/Search.php endpoint, which exposes a SQL injection vulnerability. It...

7.3CVSS6.3AI score0.00363EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/10 4:27 p.m.96 views

CyberThreat-Nlp-Intelligence-System

🛡️ CyberGuard AI — Cyber Threat Intelligence System An AI-p...

5.8AI score
Exploits0
CloudLinux
CloudLinux
added 2026/05/02 1:1 a.m.13 views

cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS6AI score0.00502EPSS
Exploits1
OSV
OSV
added 2026/05/02 1:1 a.m.5 views

CLSA-2026-1777541087 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS5.8AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 4:31 p.m.7 views

CLSA-2026-1777480298 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS6AI score0.00502EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/28 4:30 p.m.29 views

CVE-2026-7290 JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

6.5CVSS0.00204EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 6:33 p.m.12 views

JLSEC-2026-271 Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key...

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

7.5CVSS5.6AI score0.00435EPSS
Exploits0References6
OSV
OSV
added 2026/04/24 4:18 p.m.7 views

CLSA-2026-1777042487 Fix CVE(s): CVE-2026-34980

SECURITY UPDATE: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job. - debian/patches/CVE-2026-34980.patch: filter out control characters from IPP option values in scheduler/job.c and filter out special PPD keywords in the CUPSDLOGPPD bran...

7.5CVSS6AI score0.00502EPSS
Exploits1References1
NVD
NVD
added 2026/04/23 8:16 p.m.5 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS0.13789EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:13 p.m.10 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/19 9:30 a.m.5 views

EUVD-2026-23688

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...

7.5CVSS6.8AI score0.00274EPSS
Exploits0References5
Rows per page
Query Builder