Lucene search
K

277 matches found

OSV
OSV
added 2 days ago5 views

MAL-2026-10467 Malicious code in polymarket-stake-kelly-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01715ebd11c8adf6ac26ce11bc5fc07e6cfb6775fa77dbe1ca022d0d6593b99c [email protected] ships a postinstall script scripts/install-check.cjs referenced by package.json's postinstall hook that on every np...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/29 6:4 a.m.5 views

MAL-2026-6584 Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References5
FreeBSD
FreeBSD
added 2026/06/24 12:0 a.m.6 views

rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation

https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a command-line program to sync files and directories to and from different cloud storage providers.From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 p.m.7 views

MAL-2026-6155 Malicious code in designsystem-vector (npm)

The npm package designsystem-vector published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of authorization verification for the key management API endpoints involved in cellular eSIM allocation. As a result,...

8.3CVSS5.3AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the enable operation of the parameter of the function setRemoteCfg in the Web Management...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:54 a.m.13 views

Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/21 8:54 a.m.9 views

MAL-2026-4393 Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 6:39 p.m.10 views

MAL-2026-4478 Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

5.8AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An arbitrary directory deletion issue exists in mirror mode. Attackers can delete remote directories by influencing the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. By...

8.1CVSS6AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 2026/04/03 9:42 p.m.2 views

GHSA-GFMV-VH34-H2X5 Signal K Server: Unauthenticated Source Priorities Manipulation

Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...

7.5CVSS5.9AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2026-12307

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 4:32 a.m.30 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3CVSS0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

SAMSUNG Smart Switch 安全漏洞

Samsung Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of Samsung Smart Switch prior to 3.7.69.15 contained security vulnerabilities. These vulnerabilities stemmed from exposing sensitive functions to unauthorized participants, potentially allowing...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25600

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.7 views

CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

7.6CVSS5.7AI score0.00336EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.270 views

📄 n8n Workflow Automation Remote Configuration / Admin Data Extraction

This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...

10CVSS9AI score0.71647EPSS
Exploits18
Vulnrichment
Vulnrichment
added 2026/02/06 11:14 p.m.2 views

CVE-2020-37157 DBPower C300 HD Camera - Remote Configuration Disclosure

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...

8.7CVSS5.5AI score0.004EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/06 11:14 p.m.3 views

CVE-2020-37146 Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /configbackup.bin endpoint, exposing credentia...

8.7CVSS5.5AI score0.00414EPSS
Exploits0References4
CVE
CVE
added 2026/02/06 11:14 p.m.14 views

CVE-2020-37146

CVE-2020-37146 affects ACE Security WiP-90113 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to retrieve sensitive configuration files by sending a GET request to /config_backup.bin, exposing credentials and system settings. Exploitation context and impact ar...

8.7CVSS5.4AI score0.00414EPSS
Exploits0References4
Rows per page
Query Builder