Lucene search
K

9206 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-14960

Pegatron's tdeio64.sys driver exposes the .TdeIo device interface, with IOCTLs including TDE_IOCTL_INDEXIO_READ/WRITE that permit unprivileged users to perform arbitrary hardware I/O port operations and, per CERT, arbitrary kernel memory access. This can lead to privilege escalation to NT AUTHORI...

6.2AI score
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSV
OSV
added yesterday3 views

MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSV
OSV
added yesterday5 views

MAL-2026-10662 Malicious code in ssweb-wp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday64 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday51 views

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...

5CVSS6.2AI score0.09794EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday85 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7AI score0.14759EPSS
Exploits2
Nuclei
Nuclei
added yesterday88 views

Lansweeper Unauthenticated SQL Injection

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. id: CVE-2019-13462 info: name: Lansweeper Unauthenticated SQL Injection author: divyamudgal severity: critical description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. impact: | This vulnerability can lead to...

9.1CVSS7.1AI score0.1131EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday120 views

Fastjson Insecure Deserialization - Remote Code Execution

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi-// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS7.4AI score0.3897EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday23 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9CVSS6.2AI score0.05597EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday129 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.2AI score0.03452EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

MAL-2026-10651 Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

MAL-2026-10598 Malicious code in monitoring-service-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fb0e7dea7e0302bc22488fbaf436dd36c0763f05ef494977822e8a1b7b3a1ab The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added 2 days ago174 views

CMSimple 3.1 - Local File Inclusion

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when registerglobals is enabled which allows remote attackers to include and execute arbitrary local files via a .. dot dot in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...

6.8CVSS6.4AI score0.18809EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @amedit/vercel-builder-probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe0b29ddff65cbd65167ea905c448d928fc6da661d69df415993635bf1bd3bc When wired in as a @vercel/build-utils Builder and the exported build runs in a Vercel deployment pipeline, index.js reads the installer's...

6.1AI score
Exploits0References5
OSV
OSV
added 2 days ago4 views

MAL-2026-10548 Malicious code in @amedit/vercel-builder-probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe0b29ddff65cbd65167ea905c448d928fc6da661d69df415993635bf1bd3bc When wired in as a @vercel/build-utils Builder and the exported build runs in a Vercel deployment pipeline, index.js reads the installer's...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in @flcik/flick.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...

6.1AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in nodemon-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d2f1b3c8848137e0ec6a9897d6f4056102623f1139549c9dd928fcb4482e69 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10513 Malicious code in nodemon-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d2f1b3c8848137e0ec6a9897d6f4056102623f1139549c9dd928fcb4482e69 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder