Lucene search
K

2479 matches found

Cvelist
Cvelist
added 2026/05/05 6:22 a.m.41 views

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36984

Name of the Vulnerable Software and Affected Versions PaperCut Hive Ricoh embedded application affected versions not specified Description An issue exists where the application records administrative credentials in plain text within log files when the "Deep Logging" diagnostic mode is enabled. An...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

PaperCut Hive 日志信息泄露漏洞

PaperCut Hive is a cloud-based printing management solution developed by the Australian company PaperCut. PaperCut Hive has a vulnerability related to log information leakage. This vulnerability arises from the recording of plaintext management credentials when the deep logging mode is enabled...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.6 views

Cisco Firepower Threat Defense (FTD) Software Snort Deep Inspection Bypass (cisco-sa-ftd-snort-bypass-rLggKzVF)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the Snort detection engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured...

5.8CVSS5.8AI score0.00247EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/30 6:47 p.m.90 views

hunter-max-oss

hunter-max A bug-bounty research framework. Two pieces: 1...

5.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/30 3:26 p.m.5 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00201EPSS
Exploits2References5
The Hacker News
The Hacker News
added 2026/04/30 12:36 p.m.21 views

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

6.2AI score
Exploits0
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.99 views

Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap

Exploit Title: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap Date: 2026-02-23 Exploit Author: nu11secur1ty Vendor Homepage: https://www.google.com/chrome/ Software Link: https://www.google.com/chrome/ Version: Chrome = 144.x | Chrome 145.0.7632.75 Tested on: Windows 11 / Linux / macOS CVE...

8.8CVSS5.8AI score0.2202EPSS
Exploits12
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.25 views

EDySec: A Deep Learning-Based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditional Machine Learning ML detectors struggle to detect these...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/24 9:3 p.m.9 views

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/24 6:1 p.m.5 views

CVE-2026-42039 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

6.9CVSS5.2AI score0.00744EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the recursive traversal of nested objects in toFormData, which allows for unlimited depth of nested values. This can lead to Node.js...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an NFC-A cascade deep limit. This vulnerability may lead to a heap buffer overflow...

8.8CVSS6.1AI score0.00281EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/22 8:23 p.m.44 views

xmldom: Uncontrolled recursion in XML serialization leads to DoS

Summary Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. Reported operations: - Node.prototype.normalize — reported by @praveen-kv email 2026-04-05 and...

8.7CVSS6.1AI score0.00643EPSS
Exploits0References14Affected Software2
RedHat Linux
RedHat Linux
added 2026/04/22 7:1 a.m.13 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34616

Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions 0.6.0 and earlier Description Seven recursive traversals in lib/dom.js operate without a depth limit. When processing a sufficiently deeply nested...

8.7CVSS5.8AI score0.00643EPSS
Exploits0References34
EUVD
EUVD
added 2026/04/20 9:30 a.m.4 views

EUVD-2026-23812

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS5.4AI score0.00336EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 9:16 a.m.6 views

CVE-2026-6621

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 8:30 a.m.3 views

CVE-2026-6621 1024bit extend-deep index.js prototype pollution

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS5.4AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 8:30 a.m.14 views

CVE-2026-6621

The CVE-2026-6621 entry concerns a prototype pollution vulnerability in 1024bit extend-deep (versions up to 0.1.6). The affected surface is an unknown function in index.js where manipulation of the proto object enables improper modification of prototype attributes. Exploitation is described as re...

7.5CVSS6.8AI score0.00336EPSS
Exploits0References4
Rows per page
Query Builder