Lucene search
K

1160 matches found

CVE
CVE
added 2 days ago12 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41483

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-55639

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where external control of a file name or path allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no...

8.1CVSS6.1AI score0.0053EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

PYSEC-2026-259 Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.5AI score0.0081EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:38 p.m.7 views

Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in beep

Beep version 1.3 and later contains a vulnerability in the External Control of File Name or Path feature within the --device option. This vulnerability allows local unprivileged users to inhibit the execution of arbitrary programs by other users, potentially leading to Denial-of-Service attacks...

4.7CVSS6.3AI score0.0035EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.16 views

Armeria: External Control of File Name or Path in xDS SDS DataSource

External Control of File Name or Path in xDS SDS DataSource Summary DataSourceStream in the :xds module resolves control-plane-supplied filename and environmentvariable fields from SDS Secret resources without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control...

5.9CVSS5.5AI score0.00198EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.11 views

Malicious code in @mastra/datadog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 419bbaa0a59a504f999013baee0011006c5cc6326045c0424705d91d3ac10c75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.7 views

MAL-2026-5946 Malicious code in @mastra/editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15cb5bd62365f9e834fc44ed65e0db2c34aae555a5068c706cc9de0567a5fc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:11 a.m.9 views

Malicious code in @mastra/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c2d05f943ea7c6d8e1ae3bcfb7acc5497d114f89e6199f50e0ea3119256be2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 p.m.7 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 6:24 p.m.15 views

CVE-2026-10303

CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...

7.4CVSS5.5AI score0.00757EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:9 a.m.10 views

Malicious code in pampipes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 660a84b18bd4e15af0f490d3f4bfde871b12e7912493f23d5ae7a3db10a82565 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.7 views

PT-2026-49822

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS5.4AI score0.00757EPSS
Exploits0References8
OSV
OSV
added 2026/06/15 11:45 p.m.8 views

MAL-2026-5846 Malicious code in prettier_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0da6eb947f9a9046563fe43e0b5064d7dc2a75e019425a564276d44d39bc263 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/06/15 5:18 p.m.9 views

External Control of File Name or Path

Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a...

8.3CVSS5.3AI score0.00322EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:36 p.m.8 views

Malicious code in theta-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbfa69ed41fd4cfb88637f2f5765174105f8c4eb42d4f433fdd05d642e664fa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 9:35 a.m.24 views

MAL-2026-5629 Malicious code in sass-formats (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/11 4:4 a.m.11 views

MAL-2026-5584 Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Rows per page
Query Builder