Lucene search
K

11480 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016646 advisory. The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

9.8CVSS7.4AI score0.0456EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 9:16 a.m.18 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:21 a.m.9 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

WordPress plugin Mail Mint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42433

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 7:52 p.m.10 views

EUVD-2026-31189

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:35 p.m.6 views

CVE-2026-9139

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

9.8CVSS5.8AI score0.00454EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 7:35 p.m.9 views

EUVD-2026-31179

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

9.8CVSS5.8AI score0.00454EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 4:16 p.m.15 views

CVE-2026-8487

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 2:12 p.m.11 views

EUVD-2026-31120

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 2:12 p.m.12 views

CVE-2026-8487 Incorrect default permissions vulnerability in Progress Software MOVEit Automation

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 2:12 p.m.36 views

CVE-2026-8487 Incorrect default permissions vulnerability in Progress Software MOVEit Automation

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

6.5CVSS0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 10:44 a.m.7 views

CLSA-2026-1779273835 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00366EPSS
Exploits7References1
OSV
OSV
added 2026/05/20 10:2 a.m.8 views

MAL-2026-4593 Malicious code in klaudius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42187

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS5.8AI score0.0028EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42262

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

9.8CVSS5.8AI score0.00454EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...

9.8CVSS5.9AI score0.00454EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 10:6 p.m.15 views

Malicious code in morin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c27d25a4c203cbb89156281fbacc7feb424a09eaa296f7c3dedff860891f1f morin/common.py hardcodes an HTTP proxy at 191.102.147.15:8000 with embedded credentials proxies = 'https': 'http://5TUMV6:[email protected]:8000...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 7:49 p.m.15 views

Malicious code in buddyme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6 buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers Zhipu GLM at...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/05/19 5:16 p.m.15 views

CVE-2026-36829

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8CVSS0.01268EPSS
Exploits0References2
Rows per page
Query Builder