Lucene search
+L

3177 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-14371

The vulnerability CVE-2026-14371 affects Lenovo XClarity Integrator for Windows Admin Center plugin (WAC Gateway) version 5.1.1 and earlier. The issue is a Powershell Command Injection when establishing remote PowerShell commands, with a CVSS v4.0 base score of 8.8 (HIGH) and impact across confid...

8.8CVSS6.1AI score0.00757EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14371

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS6.1AI score0.00757EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2 days ago8 views

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a...

6.4AI score
Exploits0
Nuclei
Nuclei
added 2 days ago10 views

Sunflower Simple and Personal 1.0.1.43315 - Remote Code Execution

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

9.8CVSS7.2AI score0.56787EPSS
Exploits1References5
NVD
NVD
added 4 days ago8 views

CVE-2026-40400

Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network...

8CVSS0.00588EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability

...

8CVSS0.00588EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability

...

8CVSS6.1AI score0.00588EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-40400

CVE-2026-40400 is a Windows PowerShell relative path traversal vulnerability that could enable an authorized attacker to execute code over a network. The CVE entry identifies a remote code execution risk with NETWORK attack vector, LOW attack complexity, and LOW privileges required, but with UI i...

8CVSS6.2AI score0.00588EPSS
Exploits0References1Affected Software12
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

Windows PowerShell Remote Code Execution Vulnerability

Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network...

8CVSS6.2AI score0.00588EPSS
Exploits0
Kaspersky
Kaspersky
added 4 days ago4 views

KLA91145 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products ESU. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, perform cross-site scripting attack, read local files,...

6.9AI score
Exploits0References347
Kaspersky
Kaspersky
added 4 days ago7 views

KLA91153 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...

7.5AI score
Exploits0References432
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/10 3:41 p.m.4 views

MGASA-2026-0240 Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References34
Mageia
Mageia
added 2026/07/10 3:41 p.m.7 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References33
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 3:55 p.m.13 views

Malicious code in multer-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb45c09aa7a237b2b9ff18ccf6426b76a4f46e5ea665c7747f35a345940e161 multer-orm is a typosquat of the widely used multer middleware. Its README is copied from multer, but the package adds a load-time dropper in...

6.7AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...

7.2CVSS6.5AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 5:22 p.m.14 views

GHSA-J472-GF56-X589 OpenClaw: PowerShell encoded-command aliases could miss exec allowlist checks

Summary PowerShell encoded-command aliases could miss exec allowlist checks. In affected versions, a command request using abbreviated encoded-command flags could use an alias form not recognized by the allowlist parser. This advisory is scoped to the named feature and configuration. It does not...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/07/02 4:5 p.m.32 views

Fake Google and Cloudflare verification pages spread multiple malware families

Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Vim 9.1.1784 < 9.2.0678 Command Injection (GHSA-x5fg-h5w9-9frf)

The version of Vim installed on the remote host is between 9.1.1784 and 9.2.0678 exclusive. It is, therefore, affected by a vulnerability. - When the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the...

7.3CVSS6.3AI score0.00137EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.31 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
Rows per page
Query Builder