Lucene search
+L

48156 matches found

Nuclei
Nuclei
added yesterday138 views

WAGO - Remote Command Execution

In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise. id: CVE-2023-1698 info: name: WAGO - Remote Command Execution...

9.8CVSS7.1AI score0.82037EPSS
Exploits5References5
OSV
OSV
added yesterday3 views

MAL-2026-10696 Malicious code in loader1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9578c2db9f9fd58bb7b743e3ca8581aa21f4632bb965dcb53b7a4aaa02e5667 The package ships a single index.html declared as main whose only behavior is to fetch...

6.1AI score
Exploits0References5
OSV
OSV
added yesterday4 views

MAL-2026-10694 Malicious code in vor8zakon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in vor8zakon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...

6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-15921

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score0.00121EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2 days ago16 views

CVE-2026-14960

CVE-2026-14960 concerns Pegatron tdeio64.sys exposing privileged hardware access via the .TdeIo device interface. Connected docs describe IOCTLs (TDE_IOCTL_INDEXIO_READ/WRITE) that allow unprivileged local users to perform arbitrary hardware I/O port operations without proper authorization, and,...

9.8CVSS6.2AI score0.00203EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSV
OSV
added 2 days ago6 views

MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in crypto-hasher (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5162012006c5d2576c6f93540445f10185d44acfb5cef39764f7a2b45c45d205 [email protected] impersonates the hash-wasm library. Its main entrypoint dist/index.umd.js injects code into the WASM Interface update method so...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago6 views

MAL-2026-10659 Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago6 views

MAL-2026-10662 Malicious code in ssweb-wp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in sauruslord-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474b90ec19af5dbbc5bf3c8d27c0c4d079c7d980d6e3316dad3bbf5682abbe52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSV
OSV
added 2 days ago3 views

MAL-2026-10648 Malicious code in @hkyyy/portal-widget-helper-0601 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60319

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description The Accounts.onCreateUser function in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing user without verifying ownership or checking th...

9.2CVSS6.1AI score0.00302EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

MAL-2026-10651 Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder