Lucene search
K

655 matches found

CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Drupal File Access Fix 安全漏洞

Drupal File Access Fix is a file access repair tool provided by the Drupal company. Versions of Drupal File Access Fix prior to 1.2.0 contained security vulnerabilities; these vulnerabilities were due to improper authorization, which could lead to forced browsing...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Drupal Unpublished Node Permissions 安全漏洞

Drupal Unpublished Node Permissions is an extension developed by Drupal Corporation that allows for controlling access to unpublished content. Versions of Drupal Unpublished Node Permissions prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to improper authorizatio...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Drupal Material Icons 安全漏洞

Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 9:47 p.m.5 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References16
The Hacker News
The Hacker News
added 2026/03/19 2:25 p.m.11 views

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits fe...

9.8CVSS6.7AI score0.99999EPSS
Exploits42
EUVD
EUVD
added 2026/03/18 6:31 p.m.4 views

EUVD-2026-12874

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

5.8AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 6:16 p.m.3 views

CVE-2026-30702

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

9.8CVSS0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.20 views

CVE-2026-30702

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26108

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

5.8AI score0.00369EPSS
Exploits0References4
CVE
CVE
added 2026/03/18 12:0 a.m.9 views

CVE-2026-30702

The affected hardware is the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is a broken authentication mechanism in the web management interface; the login page fails to enforce proper session validation, allowing attackers to bypass authentication by directly accessing...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 10:31 a.m.7 views

MAL-2026-1408 Malicious code in nai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe Package is a hacking tool that not only abuses 3rd-party services but also silently exfiltrates credentials the user uses to log in there. The provided account...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 10:31 a.m.4 views

Malicious code in nai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe Package is a hacking tool that not only abuses 3rd-party services but also silently exfiltrates credentials the user uses to log in there. The provided account...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.4 views

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/03 9:18 a.m.3 views

CVE-2026-22886

OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

9.8CVSS6AI score0.00402EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:3 a.m.21 views

CVE-2026-3000

CVE-2026-3000 affects IDExpert Windows Logon Agent (Changing). The vulnerability allows unauthenticated remote attackers to cause remote code execution by forcing the system to download and execute arbitrary DLLs from a remote source. Impact is described as critical (network vector, high confiden...

9.8CVSS6.2AI score0.00507EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/02 5:59 a.m.25 views

CVE-2026-2999

CVE-2026-2999 affects IDExpert Windows Logon Agent by Changing. Described vulnerability: unauthenticated remote RCE that enables forcing the system to download and execute arbitrary executables from a remote source. The provided documents do not specify affected versions, root cause details beyon...

9.8CVSS6.2AI score0.00508EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/25 5:19 a.m.7 views

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Tanium Cloud Workloads 安全漏洞

Tanium Cloud Workloads is a security and management module provided by the American company Tanium. There is a security vulnerability present in Tanium Cloud Workloads, which stems from an attacker who may be allowed access to Tanium client containers, capable of executing denial-of-service attac...

4.7CVSS5.8AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Drupal Group invite 安全漏洞

Drupal Group invite is a membership invitation module provided by the Drupal company. Versions prior to 2.3.9, 3.0.4, and 4.0.4 of Drupal Group invite contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead to forced browsing...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Drupal Canvas 安全漏洞

Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.0.4 contained security vulnerabilities, which were due to improper authorization and could lead to forced browsing...

4.8CVSS5.8AI score0.00138EPSS
Exploits0References1
Rows per page
Query Builder