Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:23 p.m.11 views

Malicious code in bodega-sdk (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.4AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 12:20 a.m.38 views

CVE-2026-44743 Security Misconfiguration vulnerability in SAP Business Objects

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 4:39 p.m.13 views

CVE-2026-44460

FileRise (self-hosted web-based file manager) contains a vulnerability in /api/totp_setup.php prior to version 3.12.0. If a session has passed password check (state pending_login_user) and the target account already has TOTP configured, the endpoint decrypts and returns the existing TOTP secret i...

7.4CVSS5.8AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 1:55 a.m.3 views

CVE-2026-23964

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...

6.5CVSS5.5AI score0.00195EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/10/28 6:15 p.m.2 views

CVE-2020-25966

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...

7.5CVSS5.8AI score0.01353EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/03/24 12:6 p.m.155 views

Pornhub: CRITICAL ISSUE : Leak of all accounts mail login md5 pass and more

The researcher has found a critical issue on a specific endpoint allowing him to leak usernames and hashed passwords. I reported here a critical issue on a specific endpoint allowing to collect easily all tube8 accounts sensitive information, including email and password. The report could be easi...

0.3AI score
Exploits0
Rows per page
Query Builder