16135 matches found

Packet Storm News
added 2026/03/26 12:0 a.m., 4 views

TOR Virtual Network Tunneling Tool 0.4.9.6

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

5.9 AI score
Exploits: 0

Tenable Nessus
added 2026/03/26 12:0 a.m., 8 views

SUSE SLES12 : Security update 5.0.7 for Multi-Linux Manager Client Tools (SUSE-SU-2026:1011-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1011-1 advisory. golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization and update golang-github-boynux-squidexporter: - Version update from...

7.8 CVSS, 6.2 AI score, 0.00324 EPSS
Exploits: 1, References: 12

EUVD
added 2026/03/25 6:31 p.m., 3 views

EUVD-2026-15507

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection. This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2...

5.8 AI score, 0.0051 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/03/25 5:23 p.m., 14 views

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact: The knowledge_search and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

5.9 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/25 5:23 p.m., 2 views

GHSA-647H-P824-99W7 @grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact: The knowledge_search and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

8.6 CVSS, 6 AI score
Exploits: 0, References: 2

NVD
added 2026/03/25 5:16 p.m., 8 views

CVE-2026-22500

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection. This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2...

9.8 CVSS, 0.0051 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 4:14 p.m., 2 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection. This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2...

9.8 CVSS, 5.8 AI score, 0.0051 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:14 p.m., 28 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection. This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2...

9.8 CVSS, 0.0051 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/25 4:14 p.m., 6 views

CVE-2026-22500

CVE-2026-22500 describes a PHP Object Injection flaw due to deserialization of untrusted data in the WordPress theme m2-ce (axiomthemes m2 | Construction and Tools Store), affected versions from n/a up to and including 1.1.2. Public Red Hat and CVE records confirm a deserialization/object inject...

9.8 CVSS, 5.8 AI score, 0.0051 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/25 10:10 a.m., 2 views

SUSE-SU-2026:1011-1 Security update 5.0.7 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization and update golang-github-boynux-squidexporter: - Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squi...

7.8 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits: 1, References: 11

Patchstack
added 2026/03/25 8:26 a.m., 6 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability

Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability discovered by shark3y in WordPress Plugin WP DSGVO Tools GDPR versions <= 3.1.38...

9.1 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/25 12:0 a.m., 4 views

PT-2026-27822

Name of the Vulnerable Software and Affected Versions axiomthemes m2 | Construction and Tools Store versions n/a through 1.1.2 Description An issue exists in axiomthemes m2 | Construction and Tools Store that allows for object injection due to deserialization of untrusted data. This impacts the...

9.8 CVSS, 5.9 AI score, 0.0051 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/03/25 12:0 a.m., 7 views

WordPress plugin m2 | Construction and Tools Store code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8 CVSS, 5.9 AI score, 0.0051 EPSS
Exploits: 0, References: 1

Rapid7 Blog
added 2026/03/24 8:0 p.m., 8 views

New Whitepaper: Exploiting Cellular-based IoT Devices

Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific. The paper examines how attackers with physical access c...

5.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/03/24 3:40 p.m., 8 views

Malicious code in codecoverage-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77e8adaf551291b58aa99518bd0d9c4817709eb0e987acb0f318405926c8f6a1 The package codecoverage-tools was found to contain malicious code...

5.9 AI score
Exploits: 0

OSV
added 2026/03/24 3:40 p.m., 4 views

MAL-2026-2345 Malicious code in codecoverage-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77e8adaf551291b58aa99518bd0d9c4817709eb0e987acb0f318405926c8f6a1 The package codecoverage-tools was found to contain malicious code...

5.8 AI score
Exploits: 0

EUVD
added 2026/03/24 6:31 a.m., 4 views

EUVD-2026-14735

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 0, References: 8

ATTACKERKB
added 2026/03/24 4:27 a.m., 4 views

CVE-2026-4283

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 0, References: 8

Cvelist
added 2026/03/24 4:27 a.m., 29 views

CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1 CVSS, 0.00431 EPSS
Exploits: 0, References: 7

CNVD
added 2026/03/24 12:0 a.m., 2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14832)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...

5.9 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits: 0, References: 1