Lucene search
K

262 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42765

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 10:57 p.m.26 views

CVE-2026-55790 Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 10:57 p.m.25 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.2AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:16 p.m.15 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44921

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 8:8 p.m.15 views

Malicious code in web3-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 8:7 p.m.10 views

Malicious code in math-array-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/13 8:4 p.m.14 views

MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/13 8:3 p.m.7 views

MAL-2026-3700 Malicious code in alembic-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e9b764ee0ccd6a2c6c2db1b7722f083ee9f643cb99d03821d5e6571f68db253 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
Snyk
Snyk
added 2026/04/26 2:10 p.m.11 views

Arbitrary Command Injection

Overview ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Arbitrary Command Injection via the shell.write function. An attacker can execute arbitrary system commands by supplying crafted inpu...

8.5CVSS6.1AI score0.00653EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:12 p.m.4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the response file processing due to a dangling pointer to freed memory being stored in the global dependfile and later dereferenced after the response-file buffer is freed. An attacker can cause data corruption or...

9.6CVSS6AI score0.00414EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/02 12:31 p.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview fast-filesystem-mcp is a Fast Filesystem MCP Server - Advanced file operations with Auto-Chunking, Sequential Reading, complex file operations copy, move, delete, batch, compress, optimized for Claude Desktop Affected versions of this package are vulnerable to Improper Neutralization of...

6.5CVSS6.8AI score0.0111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.9 views

PT-2026-28215

Hi guys! Recently I got this email from [email protected]. I read through the email and spotted a few grammatical errors, as well as a share.google link, which I thought was unusual for Microsoft to do. Even though it was fully delivered and signed by GitHub.com, I realised that what the...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/03/25 4:30 p.m.20 views

CVE-2026-20719

CVE-2026-20719 affects Mattermost server/components that render external SVGs in link embeds across Mattermost 10.11.x–11.4.x (including 11.2.x, 11.3.x, 11.4.x). The root cause is failure to prevent rendering of external SVGs in embeds, enabling unauthenticated users to crash the web/desktop apps...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/03/01 11:22 a.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the FunctionPushPop. An attacker can cause excessive resource consumption and application instability by triggering deep or infinite recursion through crafted input to the affected process. Remediation There is...

5.5CVSS5.9AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/23 1:20 p.m.4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the chaiscript::TypeInfo::bareequal function. An attacker can cause a program crash or potentially execute arbitrary code by triggering use of memory after it has been freed. Remediation There is no fixed version for...

2.5CVSS6.1AI score0.00191EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/28 8:49 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...

8.7CVSS5.5AI score0.00224EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/28 8:47 p.m.4 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the arange function. An attacker can cause the application to become unresponsive or crash by submitting specially crafted input. Remediation There is no fixed version for oneflow...

8.7CVSS5.5AI score0.00374EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/28 6:50 p.m.3 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.cuda.BoolTensor component when processing crafted input. An attacker can cause the application to crash or become unresponsive by submitting specially crafted data...

8.7CVSS5.5AI score0.00308EPSS
Exploits1References2
Rows per page
Query Builder