58895 matches found
DataEase - Remote Code Execution
DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...
Linux Distros Unpatched Vulnerability : CVE-2026-14461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger th...
FTP Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x64 payload from an FTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/ftp/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show action...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)
Last week, there were 250 vulnerabilities disclosed in 181 WordPress Plugins and 41 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 101 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...
openSUSE 16: clamav / clamav-devel / clamav-milter / libclamav12 / etc (openSUSE-SU-2026:21252-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21252-1 advisory. Update to version 1.5.3. Security issues fixed: - CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files...
CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...
[SECURITY] Fedora 43 Update: betterleaks-1.6.0-1.fc43
A Better Secrets Scanner built for configurability and speed...
[SECURITY] Fedora 44 Update: betterleaks-1.6.0-1.fc44
A Better Secrets Scanner built for configurability and speed...
BeyondTrust Remote Support (RS) < 25.3.3 Multiple Vulnerabilities (BT26-03)
The version of BeyondTrust Remote Support RS running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities, including: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...
[SECURITY] Fedora 43 Update: clamav-1.4.5-1.fc43
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
[SECURITY] Fedora 43 Update: rust-wayland-scanner-0.31.10-3.fc43
Wayland Scanner for generating rust APIs from XML wayland protocol files...
[SECURITY] Fedora 44 Update: rust-wayland-scanner-0.31.10-3.fc44
Wayland Scanner for generating rust APIs from XML wayland protocol files...
MAL-2026-6795 Malicious code in zod-pino444 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...
Linux Distros Unpatched Vulnerability : CVE-2018-25282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran process. An attacker can execute arbitrary code by crafting malicious pickle...
CVE-2025-71347 picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval
picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...
CVE-2025-71345 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2026-14604
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...