Lucene search
K

1243 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 9:10 p.m.3 views

CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3
CVE
CVE
added 2026/02/18 9:10 p.m.12 views

CVE-2026-27181

MajorDoMo is affected by an unauthenticated module-uninstall vulnerability via the market endpoint. The market/admin flow reads gr('mode') from $_REQUEST and sets $this->mode before authentication, making all mode-gated paths reachable through /objects/?module=market. The uninstall handler cal...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20517

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $ REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

MajorDoMo 安全漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the admin method in the market module, which reads grmode from $REQUEST and assigns it to $this-mode. As a result, all...

8.7CVSS5.9AI score0.00708EPSS
Exploits1References3
OSV
OSV
added 2026/02/06 7:37 p.m.8 views

GHSA-4F84-67CV-QRV3 A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

9.3CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/06 7:37 p.m.14 views

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

5.8AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 3:5 p.m.3 views

CVE-2025-36640 Local Privilege Escalation

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...

8.8CVSS6.7AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 3:5 p.m.20 views

CVE-2025-36640 Local Privilege Escalation

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...

8.8CVSS0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

Tenable Nessus Agent Tray App 安全漏洞

Tenable Nessus Agent Tray App is a tray component from Tenable USA. A security vulnerability exists in Tenable Nessus Agent Tray App that stems from an installation/uninstallation issue on Windows hosts that could lead to elevated privileges...

8.8CVSS5.8AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.5 views

CVE-2020-12703

UliCMS before 2020.2 has XSS during PackageController uninstall...

6.1CVSS6.1AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

Smb4K 参数注入漏洞

Smb4K is a KDE open source online neighborhood browser. Smb4K suffers from a parameter injection vulnerability that stems from improper parameter delimiter neutralization, which could lead to a local user performing an arbitrary uninstall operation...

6.9CVSS6.7AI score0.00144EPSS
Exploits0References3
Veeam
Veeam
added 2026/01/06 12:0 a.m.59 views

Veeam Agent for Microsoft Windows 13.0.1.120 to 13.0.1.1009 Upgrade Notes

Article Applicability This article documents notable deviations from the standard Veeam Agent for Microsoft Windows upgrade procedure that occur only when upgrading from Veeam Backup & Replication VBR 13.0.1 build 13.0.1.180 to 13.0.1 Patch 1 build 13.0.1.1071. This patch to VBR includes a new...

5.8AI score
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/04 6:50 p.m.10 views

Malicious code in aiihttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

7.2AI score
Exploits0References4
OSV
OSV
added 2026/01/04 6:50 p.m.8 views

MAL-2026-35 Malicious code in aiihttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

7.2AI score
Exploits0References4
OSV
OSV
added 2026/01/04 6:49 p.m.12 views

MAL-2026-37 Malicious code in aoohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d3438b2d065c0535b5ac80ce789201be4f8095642d0f10a20a7da13d46152f8 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

7.2AI score
Exploits0References4
OSV
OSV
added 2026/01/04 6:49 p.m.16 views

MAL-2026-38 Malicious code in auohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4b76a407d91e23cb990d6ed08e3c0e81898f2b97d690db76b4e3b547fda5fab Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

7.2AI score
Exploits0References4
OSV
OSV
added 2026/01/04 6:48 p.m.17 views

MAL-2026-36 Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

7.2AI score
Exploits0References4
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.10 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an attempt to create an extended attribute block despite uninstallation, which could result in a null pointer...

6.1AI score0.00177EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unused device management snddevmcardnew function, which could result in a memory access error when a modu...

5.8AI score0.00168EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code ca...

6.3AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder