Lucene search
K

434 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in node-fsagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into 200MB chunks, reconstructs an npm registr...

6.1AI score
Exploits0References10
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43162

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.0025EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/18 3:2 p.m.9 views

EUVD-2026-37812

BBOT: Path traversal Zip-Slip in unarchive module - incomplete fix for CVE-2025-10284...

9.6CVSS5.1AI score0.00658EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

9.8CVSS0.01571EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49312

Name of the Vulnerable Software and Affected Versions kanishka-linux Reminiscence version 0.3.0 Description An OS command injection flaw exists in the media archiving and export pipeline component. This allows attackers to execute arbitrary commands on the operating system by providing a speciall...

9.8CVSS6.2AI score0.01571EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-50871

CVE-2026-50871 describes an OS command injection in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0. An attacker can execute arbitrary commands by supplying crafted input. The CVE is rated CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no pr...

9.8CVSS5.9AI score0.01571EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35842

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS5.6AI score0.00293EPSS
Exploits1References4
NVD
NVD
added 2026/06/09 10:16 p.m.13 views

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.00293EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/09 9:9 p.m.8 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS5.6AI score0.00293EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/09 9:9 p.m.35 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.00293EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48279

Name of the Vulnerable Software and Affected Versions OpenClinic GA version 5.351.19 Description A reflected cross-site scripting issue exists in the DICOM image upload handler. Attackers can execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata...

6.1CVSS6.7AI score0.00293EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4635

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.4AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-35462

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3CVSS5.5AI score0.00239EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.11 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS5.5AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.11 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.5AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-49123

This crate provides shared trait definitions for the pqcrypto- ecosystem, which wraps C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604. As a result, this crate and the broader pqcrypto- ecosystem will no longer receive updates. Use...

5.3AI score
Exploits0References4
NVD
NVD
added 2026/05/27 9:16 a.m.9 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.12 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:29 a.m.11 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.8AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:29 a.m.9 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.8AI score0.00249EPSS
Exploits0References2
Rows per page
Query Builder