Lucene search
K

7926 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48749

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description An arbitrary code execution issue exists in skill install flows. This occurs because workspace .env files can override the Homebrew executable selection, allowing attackers with access to truste...

8.8CVSS6.2AI score0.00298EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48730

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.358 Description Improper access control allows unauthenticated remote attackers to hijack the initial setup process. By sending a POST request to the settings API endpoint without network origin restrictions...

9.4CVSS5.5AI score0.00543EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 10:38 p.m.8 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

5.7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:21 p.m.9 views

Malicious code in hello-dynamic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/10 5:11 p.m.13 views

MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:11 p.m.13 views

Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References3
NVD
NVD
added 2026/06/10 2:16 a.m.13 views

CVE-2026-45542

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS0.00325EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/10 12:34 a.m.7 views

CVE-2026-45542 ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS5.7AI score0.00325EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/10 12:34 a.m.11 views

EUVD-2026-35918

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS5.8AI score0.00325EPSS
Exploits0References7
CVE
CVE
added 2026/06/10 12:34 a.m.33 views

CVE-2026-45542

ESF-IDF (Espressif IoT Development Framework) versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 suffer a heap buffer overflow in protocomm Security Scheme 2 (SRP6a) during session setup. The handle_session_command0() path copies a client-provided SRP6a username field into a smaller destination buffer,...

7.1CVSS5.8AI score0.00325EPSS
Exploits0References7Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:53 p.m.10 views

Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:31 p.m.12 views

Malicious code in cubifyanything (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cab88d6047b15dbb32ca245f083a7eecd1df75ce183d47637c6c9edf5cfd0b4 cubifyanything 1.0.1 is a dependency-confusion squat shipping no real functionality top-level cubifyanything/init.py is 0 bytes and a setup.py that...

5.6AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/09 9:13 a.m.15 views

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades , this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/08 8:17 p.m.20 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:28 p.m.6 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/08 7:28 p.m.43 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 7:28 p.m.13 views

EUVD-2026-35196

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 7:28 p.m.9 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:20 p.m.14 views

Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 523b928ceb73227e96f02eb85783222da17d0e716c9c7012b4cbcafd1e787f58 During installation or Python setup via PTH file, the code exfiltrated all kinds of sensitive data, including env variables, browser's data, SSH keys, data fro...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/06/08 7:20 p.m.8 views

MAL-2026-5333 Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 523b928ceb73227e96f02eb85783222da17d0e716c9c7012b4cbcafd1e787f58 During installation or Python setup via PTH file, the code exfiltrated all kinds of sensitive data, including env variables, browser's data, SSH keys, data fro...

5.7AI score
Exploits0References1
Rows per page
Query Builder