Lucene search
K

156 matches found

Cvelist
Cvelist
added 2026/06/29 6:16 p.m.32 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53683

Name of the Vulnerable Software and Affected Versions luci-proto-openvpn versions prior to 0.11.1 Description An authenticated LuCI user with OpenVPN protocol configuration access can execute arbitrary commands as root. This occurs because the generateKey ubus method interpolates the cl meta...

8.8CVSS6.1AI score0.01401EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 8:13 a.m.7 views

SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...

9.8CVSS6.8AI score0.00944EPSS
Exploits11References25
The Hacker News
The Hacker News
added 2026/06/04 11:19 a.m.16 views

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

6.1AI score
Exploits0
Patchstack
Patchstack
added 2026/03/20 9:14 p.m.7 views

WordPress Contact List plugin <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'clmapiframe' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Contact List versions = 3.0.18...

6.4CVSS5.8AI score0.00272EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26720

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' cl map iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The...

6.4CVSS6AI score0.00272EPSS
Exploits1References9
OSV
OSV
added 2026/03/19 7:25 a.m.5 views

MAL-2026-1579 Malicious code in nf-cl-ls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/19 7:25 a.m.5 views

Malicious code in nf-cl-ls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:0 p.m.5 views

MAL-2026-1799 Malicious code in nf-cl-logger-test2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7f92e72b8e76efdc1d671f13821d881ac58ea36208cd948bad66d2650e63492 The package nf-cl-logger-test2 was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:0 p.m.9 views

Malicious code in nf-cl-logger-test2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7f92e72b8e76efdc1d671f13821d881ac58ea36208cd948bad66d2650e63492 The package nf-cl-logger-test2 was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:0 p.m.10 views

Malicious code in nf-cl-logger-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3215a4f0e3f4b33553d866c95c85ddbd61038f8cc37123818021c3307801abf0 The package nf-cl-logger-test was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:0 p.m.6 views

MAL-2026-1798 Malicious code in nf-cl-logger-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3215a4f0e3f4b33553d866c95c85ddbd61038f8cc37123818021c3307801abf0 The package nf-cl-logger-test was found to contain malicious code...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/05 12:24 a.m.5 views

SUSE CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

4.7CVSS5.3AI score0.0012EPSS
Exploits0References20
NVD
NVD
added 2026/02/04 5:16 p.m.7 views

CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

7.8CVSS0.0012EPSS
Exploits0References7
OSV
OSV
added 2026/02/04 5:16 p.m.4 views

UBUNTU-CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References29
EUVD
EUVD
added 2026/02/04 4:8 p.m.7 views

EUVD-2026-5436

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

5.3AI score0.0012EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/30 11:13 p.m.10 views

Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSV
OSV
added 2026/01/30 11:13 p.m.7 views

MAL-2026-611 Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003267 advisory. The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow...

5.5CVSS7.1AI score0.00425EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002808 advisory. Integer overflow in the vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a...

7.8CVSS6.8AI score0.00423EPSS
Exploits0References10
Rows per page
Query Builder