Lucene search
K

1917 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.26 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:52 p.m.4 views

EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:1 a.m.14 views

Malicious code in weavedb-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:1 a.m.14 views

Malicious code in weavedb-sdk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:1 a.m.12 views

MAL-2026-4482 Malicious code in arnext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:0 a.m.10 views

MAL-2026-4713 Malicious code in wdb-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/22 1:29 p.m.14 views

MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/20 12:16 p.m.7 views

MAL-2026-4428 Malicious code in @rspack-debug/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...

5.9AI score
Exploits0References1
CNVD
CNVD
added 2026/04/10 12:0 a.m.5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17487)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...

8CVSS5.9AI score0.00272EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...

8CVSS5.9AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 4:16 p.m.6 views

ALPINE-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 4:16 p.m.5 views

UBUNTU-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS5.8AI score0.00325EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/30 3:13 p.m.32 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS0.00325EPSS
Exploits0References2
CVE
CVE
added 2026/03/30 3:13 p.m.22 views

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/04 6:16 p.m.527 views

Exploit for Integer Overflow or Wraparound in Apple Ipados

Coruna: Full-Chain Safari/WebKit Exploit Kit Research & Ana...

8.8CVSS7.6AI score0.51517EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.6 views

CVE-2025-40539

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

9.1CVSS6AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.9 views

CVE-2025-40541

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

9.1CVSS5.7AI score0.0057EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 8:16 a.m.13 views

CVE-2025-40541

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

9.1CVSS0.0057EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 8:16 a.m.10 views

CVE-2025-40541

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

7.2CVSS6AI score0.0057EPSS
Exploits0References2
Rows per page
Query Builder