MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

NTLM Relay to Self (HTTP to LDAP) - Post Exploitation

This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...

EUVD-2026-37783

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

EUVD-2026-37536

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-37524

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

EUVD-2026-37525

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

EUVD-2026-37773

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVE-2026-20190

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

EUVD-2026-37750

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

CVE-2026-20190 Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

CVE-2026-20181

Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...

EUVD-2026-37745

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVE-2026-32652

Dell AIOps Collector pre-1.18.3 is vulnerable to a Use of Default Credentials flaw. A low-privilege attacker with console access could gain filesystem access on fresh installations not upgraded to 1.18.3+. Upgraded installations (1.18.3+) are not affected. Remediate by upgrading to 1.18.3 or later.

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...