Lucene search
K

31757 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 8 hours ago5 views

Malicious code in @leviosa86com/leviosa86-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...

6.1AI score
Exploits0References4
CVE
CVE
added 8 hours ago8 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-49164

Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network...

8.1CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-15428

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-50495

CVE-2026-50495 is a Windows DNS vulnerability described as improper access control that could allow an authorized local attacker to tamper DNS-related data. Multiple connected sources (NVD entry and MSRC update guidance) confirm this as a locally exploitable issue with a baseline CVSS v3.1 score ...

6.1CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50424

CVE-2026-50424 describes a denial-of-service in Windows Domain Controller caused by an untrusted pointer dereference. The vulnerability affects the Windows Domain Controller ecosystem (Active Directory Domain Services context appears in related data) and can be triggered by remote network interac...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-50465

CVE-2026-50465 is a Windows DNS Client tampering vulnerability caused by improper access control that can be exploited locally by an authorized attacker. Connected sources confirm Windows DNS is affected (CVE-2026-50465 listed under Windows DNS with data manipulation; MSRC update guidance). The C...

7.1CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-50366

CVE-2026-50366 describes a Denial of Service in Windows Active Directory Domain Services caused by a null pointer dereference. The vulnerability is exploitable over the network with no user interaction, requiring low privileges and network access from an authenticated attacker; the impact is deni...

6.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-49178 Windows Active Directory Domain Services Remote Code Execution Vulnerability

...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-55001 Active Directory Domain Services Elevation of Privilege Vulnerability

...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-49164 Windows Active Directory Domain Services Remote Code Execution Vulnerability

...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS
Exploits0References2
OSV
OSV
added yesterday12 views

ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root

Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...

10CVSS5.3AI score0.00292EPSS
Exploits0
CVE
CVE
added yesterday12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00171EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score0.00265EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58268

Name of the Vulnerable Software and Affected Versions Active Directory Domain Services affected versions not specified Description A null pointer dereference in Active Directory Domain Services allows an authorized attacker to cause a denial of service over a network. A null pointer dereference...

6.5CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder