Lucene search
K

11475 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/15 5:2 p.m.6 views

Malicious code in flowpeek (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734 During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...

6AI score
Exploits0References3
OSV
OSV
added 2026/03/15 5:2 p.m.5 views

MAL-2026-1437 Malicious code in flowpeek (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734 During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...

6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:36 p.m.4 views

CVE-2026-28519

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...

6.4AI score0.00396EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/15 1:36 p.m.37 views

CVE-2026-28519 arduino-TuyaOpen DnsServer Heap-Based Buffer Overflow Remote Code Execution

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...

8.8CVSS0.00396EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.3 views

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...

6.4AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:31 p.m.10 views

EUVD-2026-11922

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11842

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

5.8AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.2 views

CVE-2026-32354

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

5.3CVSS0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.5 views

CVE-2026-32405 WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32405

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

5.8AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:41 a.m.7 views

CVE-2026-32354

The CVE-2026-32354 entry concerns the WordPress plugin WpEvently mage-eventpress. Affected software: mage-eventpress (WordPress plugin) with versions

5.3CVSS5.8AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.4 views

CVE-2026-32354

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

5.8AI score0.00251EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.6 views

WordPress plugin WpEvently 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

5.3CVSS5.7AI score0.00251EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example...

5.3CVSS5.8AI score0.00886EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 2:49 p.m.1 views

GHSA-56PX-HM34-XQJ5 Unauthorized access to Argo Workflows Template

Summary Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. Details...

7.5CVSS5.8AI score0.00652EPSS
Exploits1References6
NVD
NVD
added 2026/03/11 4:17 a.m.4 views

CVE-2026-29515

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally...

9.8CVSS0.00481EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 信任管理问题漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have vulnerabilities related to trust management. These vulnerabilities stem from the use of hardcoded credentials, which...

9.8CVSS7.3AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.5 views

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 安全漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have security vulnerabilities; these vulnerabilities stem from authentication bypass issues, which could allow attackers ...

9.8CVSS7.3AI score0.00558EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

dhtmlx FileExplorer 安全漏洞

dhtmlx FileExplorer is a JavaScript file system developed by the dhtmlx company. There is a security vulnerability in dhtmlx FileExplorer, which stems from an authentication bypass in the embedded SwiFTP FTP server component. This vulnerability allows network attackers to log in and perform file...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.5 views

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 代码注入漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have code injection vulnerabilities; these vulnerabilities stem from code injection issues that may allow for the executi...

8.6CVSS7.4AI score0.00567EPSS
Exploits0References2
Rows per page
Query Builder