Lucene search
K

6622 matches found

Nuclei
Nuclei
added yesterday68 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.6AI score0.05289EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday140 views

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3822 info: name: Base64 Encoder/Decode...

4.8CVSS6.1AI score0.00741EPSS
Exploits2References3
OSV
OSV
added 2 days ago19 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-6847 Unauthenticated Remote Code Execution in ThemisNETPanel

Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary co...

9.3CVSS0.00584EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

MAL-2026-10403 Malicious code in @iana-rzms/bff-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7adbad0c719aec3345c5aa16b3435e8621f4a81b5a0e0cf0e0d979509e5d21f Package published to the public @iana-rzms scope as a dependency-confusion squat targeting an internal ICANN namespace. The preinstall lifecycle scri...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in type-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d064750b4e3821d296d538ea749483e3f9cd54299645fc1c895e5c1af3639b5d The package presents itself as pino typosquat; README mirrors pino. The main entry index.js exports a middleware factory that, on invocation, spawns...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in type-elint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f29d6bfc122cb5792d95cfade56e62789f83366b30fc0d58a88a84113d89962c Package impersonates the pino logger README is pino documentation, package name is a lookalike. The main export is a middleware factory that spawns...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in fastify-addone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b9e477cff478ab071039c18c3adb6577a07cc1d82687b9e7d7cd2594dc9ddf The package presents itself as fastify-plugin name fastify-addone, repository/homepage/bugs fields point at fastify/fastify-plugin and copies that...

6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
CVE
CVE
added 6 days ago18 views

CVE-2026-60108

Zeek prior to 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer. An unauthenticated remote attacker can trigger a DoS by initiating an FTP control session that negotiates AUTH GSSAPI, then sends a large ADAT control line. The NVT_Analyzer does not enforce a maxim...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added last week7 views

Malicious code in crypto-promiser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:0 a.m.6 views

Malicious code in express-mongo-limit (npm)

The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...

6.2AI score
Exploits0References8
OSV
OSV
added 2026/07/06 3:6 a.m.6 views

MAL-2026-6795 Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References5
OSV
OSV
added 2026/07/01 6:47 p.m.5 views

GHSA-3CCM-4QQ2-5WRP Constrata's coordinator transit engine `ciphertextContainer.UnmarshalJSON` panics on attacker-controlled short ciphertexts

Summary ciphertextContainer.UnmarshalJSON decodes the third :-separated component of a vault:vX:base64... ciphertext and then unconditionally takes a 12-byte prefix slice for the AES-GCM nonce: c.nonce = fullCiphertext:aesGCMNonceSize. If the decoded blob is shorter than 12 bytes, the slice...

4.3CVSS5.7AI score
Exploits0References4
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-44042

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.7 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.38 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00388EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.12 views

CVE-2026-44042

UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict &gt; check to ensure output fits the buffer, but the correct condition is &gt;=. When strlen(authdata) ...

3.7CVSS6AI score0.00388EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/01 3:33 a.m.10 views

EUVD-2026-40877

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder