156 matches found

Snyk
added 2026/05/27 7:33 p.m.

External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

CVSS 10 | AI score 6.1 | EPSS 0.00061
Exploits 0 | References 2
CVE
added 2026/05/26 6:23 p.m.

CVE-2026-8890

The CVE-2026-8890 entry affects code100x Mobile API. The vulnerability is an authentication bypass in the Mobile API’s middleware.ts: when an Auth-Key header is present but not validated, an attacker can inject a crafted JSON payload in the g header, spoofing a user identity that downstream handl...

CVSS 8.8 | AI score 5.9 | EPSS 0.00096
Exploits 0 | References 5
OSSF Malicious Packages
added 2026/05/26 6:23 a.m.

Malicious code in reasonix-plugmem (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7 On startup, plugmemmcp.mjs writes /.reasonix/settings.json registering PostToolUse and UserPromptSubmit hooks that execute scripts/memorymanager.py...

AI score 5.8
Exploits 0 | References 1
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: sctp: Handle the error returned from sctp_auth_asoc_init_active_key. When an error is returned from sctp_auth_asoc_init_active_key, the active_key is not actually updated. The old shkey remains freed while it's still being used as the activ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in golang-go.crypto

Applications and libraries that misuse the connection.serverAuthenticate function via the ServerConfig.PublicKeyCallback callback field may be susceptible to authorization bypasses. The documentation for ServerConfig.PublicKeyCallback states that “Calling this function does not guarantee that the...

CVSS 9.1 | AI score 6.7 | EPSS 0.3863
Exploits 2 | References 2
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvmet: fixed a memory leak in nvmet_auth_set_key. When changing dhchap secrets, we also need to release the old secrets. kmemleak complaint: -- Unreferenced object 0xffff8c7f44ed8180 size 64: comm "check", pid 7304, jiffies 429568613...

CVSS 5.5 | AI score 6 | EPSS 0.00145
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in bind9

The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...

CVSS 7.5 | AI score 7.1 | EPSS 0.00227
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/sctp: A null dereference in the sctp_disposition sctp_sf_do_5_1D_ce function has been fixed. If new_asoc->peer.adaptation_ind = 0, sctp_ulpevent_make_authkey = 0, and sctp_ulpevent_make_authkey returns 0, then the variable ai_ev remains zero, an...

AI score 5.2 | EPSS 0.00066
Exploits 0 | References 2
NVD
added 2026/05/19 6:16 p.m.

CVE-2025-61081

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

EPSS 0.00029
Exploits 0
Positive Technologies
added 2026/05/19 12:00 a.m.

PT-2026-41983

Name of the Vulnerable Software and Affected Versions: BYD Atto3 (affected versions not specified). Description: An attacker can obtain a permanently available authentication key through a Brute Force attack. This key allows unauthorized flashing of the Electronic Parking Brake (EPB) and Supplemental...

CVSS 7.5 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
ATTACKERKB
added 2026/05/19 12:00 a.m.

CVE-2025-61081

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 3
Cvelist
added 2026/05/19 12:00 a.m.

CVE-2025-61081

...

EPSS 0.00029
Exploits 0
Vulnrichment
added 2026/05/19 12:00 a.m.

CVE-2025-61081

In BYD Atto3, an attacker can obtain an authentication key through a Brute Force attack, which is permanently available. The authentication key enables flashing of the Electronic Parking Brake (EPB) and Supplemental Restraint System (SRS) related ECUs...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2
NVD
added 2026/05/14 8:17 p.m.

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

CVSS 8.5 | EPSS 0.00055
Exploits 0 | References 4
ATTACKERKB
added 2026/05/13 9:06 p.m.

CVE-2026-44426

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

CVSS 6.5 | AI score 5.8 | EPSS 0.0004
Exploits 1 | References 2 | Affected software 1
EUVD
added 2026/05/13 8:51 p.m.

EUVD-2026-30167

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 1
Cvelist
added 2026/05/13 8:51 p.m.

CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | EPSS 0.00061
Exploits 0 | References 1
Github Security Blog
added 2026/05/12 3:08 p.m.

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary: ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes (close(results) at line 438), but the second stage — which processes POST-body parameters (dp) — ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 4 | Affected software 2
OSV
added 2026/05/12 3:07 p.m.

GHSA-V25V-M36W-JP4H Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode. Summary: When dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

CVSS 10 | AI score 6.4 | EPSS 0.00061
Exploits 0 | References 4
Snyk
added 2026/05/08 4:32 p.m.

Missing Authentication for Critical Function

Overview: gmaps-mcp is an MCP server for Google Maps — places search, directions, geocoding. Works with Claude Desktop, Cursor, Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...

CVSS 8.3 | AI score 5.8
Exploits 0 | References 2