Lucene search
K

11760 matches found

Nuclei
Nuclei
added 14 hours ago69 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7AI score0.29451EPSS
Exploits2References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in another-poc-by-tipsen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1bd73ac39644da27df81fcbc6540647d0f13d77419a07997a8ca0a2baa6164e package.json declares a dependency safe-chain-test sourced from a tarball URL on an anonymous Cloudflare tunnel host...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-316 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

Summary utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details utils.py getsharedsecret: def getsharedsecret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...

9.8CVSS7.3AI score0.03948EPSS
Exploits6References7
OSV
OSV
added 2026/06/25 2:16 a.m.9 views

MAL-2026-6413 Malicious code in poc-publish-test-su-doughnym (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e75d35af77b8871936717cc37537673789177cdd056f7f4d2c21c32b2be5f65 Package contains no observed installer-side harmful behavior. No exfiltration, no install-time fetch-and-execute, no silent-relay, no credential...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:11 p.m.10 views

Malicious code in ttal2ttml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29387ac35a2248ad2e4b287b8c082f8d1a8d03b4937fc84a5b81fb85697e19d4 package.json declares a preinstall lifecycle script that runs node -e "tryrequire'childprocess'.execSync'curl -sf...

5.8AI score
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/20 3:43 a.m.123 views

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50604

Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...

5.7CVSS5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:30 p.m.14 views

Malicious code in backoffice-charges-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...

5.8AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/15 7:52 p.m.66 views

VulnAnalyzer

🔍 VulnAnalyzer 2.1 A comprehensive automated vulnerability...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.16 views

Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...

5.4AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/09 2:31 p.m.67 views

poc-lab-pro

poc-lab-pro Recent CVE PoC & reproduction scripts. Focused on...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44547

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

9.6CVSS5.5AI score0.00209EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/02 7:3 a.m.90 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/28 5:38 a.m.132 views

CIFSwitch

CIFSwitch CVE-2026-46243 Writeuphttps://heyitsas.im/post...

7.8CVSS5.8AI score0.00353EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/05/27 8:5 a.m.91 views

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-44400

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.1 Description An issue exists in the processing of the commandLineInterpreter parameter within the config.xml configuration file. The software fails to neutralize special elements, which allows an attacker to...

7.8CVSS6.3AI score0.01314EPSS
Exploits5References31
OSV
OSV
added 2026/05/25 1:57 p.m.12 views

MAL-2026-4688 Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/25 1:49 a.m.8 views

MAL-2026-4623 Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/05/21 10:33 p.m.8 views

MAL-2026-4540 Malicious code in crypt0co-walet-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5510d98b1e380f6c130bf9b4428321d711ae88d8a4fcb66368a2f6fb4e7ff58 On require/import, index.js lines 6-12 serializes the full process.env to /tmp/pocimpact.json and runs whoami and ip addr via execSync to fingerprint...

6AI score
Exploits0References1
Rows per page
Query Builder