Lucene search
K

1089 matches found

CVE
CVE
added 2026/05/11 12:0 a.m.18 views

CVE-2026-30635

CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...

8.1CVSS6.1AI score0.01008EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.10 views

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/06 12:0 a.m.10 views

Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/05/06 12:0 a.m.10 views

MAL-2026-3609 Malicious code in forge-jsxy (npm)

forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...

5.6AI score
Exploits0References2
EUVD
EUVD
added 2026/05/05 3:31 p.m.9 views

EUVD-2026-27327

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

9.1CVSS5.8AI score0.15394EPSS
Exploits3References4
NVD
NVD
added 2026/05/05 2:16 p.m.16 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

9.1CVSS0.15394EPSS
Exploits3References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:43 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896 , This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS6.6AI score0.0058EPSS
Exploits2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.8 views

CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.43 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

0.15394EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.6 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

5.8AI score0.15394EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.8 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

5.8AI score0.15394EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36951

Name of the Vulnerable Software and Affected Versions Subscribe To Comments Reloaded versions prior to 240120 Description The Subscribe To Comments Reloaded plugin for WordPress allows unauthenticated attackers to modify data without authorization. This is caused by a leaked secret key and the us...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References11
Snyk
Snyk
added 2026/05/04 1:20 a.m.8 views

Malicious Package

Overview forge-jsx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/03 8:57 p.m.122 views

Exploit for CVE-2026-36356

CVE-2026-36356: MeiG Smart FORGESLT711 GoAhead — Unauthentica...

6AI score0.15394EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/05/01 8:48 p.m.5 views

CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 9:35 a.m.6 views

Security Bulletin: IBM watsonx.data integration (Data Observability) is vulnerable to node-forge-1.3.1.tgz due to CVE-2025-12816 ( CVE number(s) )

Summary An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security...

8.6CVSS6.5AI score0.00689EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/04/24 9:16 a.m.4 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS0.00269EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/16 5:10 a.m.13 views

Improper Verification Of Cryptographic Signature

node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References21Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 6:37 p.m.17 views

Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/04/15 6:37 p.m.9 views

MAL-2026-2884 Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score
Exploits0References2
Rows per page
Query Builder