Lucene search
+L

157 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 8:38 p.m.9 views

Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.13 views

CVE-2026-8500

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

9.8CVSS5.5AI score0.01653EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 11:16 p.m.52 views

CVE-2026-8500

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

9.8CVSS0.01653EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 10:24 p.m.8 views

CVE-2026-8500 Web::Passwd versions through 0.03 for Perl is vulnerable to RCE

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

5.8AI score0.01653EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 10:24 p.m.25 views

CVE-2026-8500

Web::Passwd (Perl)

9.8CVSS5.8AI score0.01653EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.32 views

PT-2026-40831

Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...

9.8CVSS6.2AI score0.01653EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/22 9:31 a.m.9 views

EUVD-2026-24674

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS5.9AI score0.00997EPSS
Exploits0References14
NVD
NVD
added 2026/04/22 9:16 a.m.11 views

CVE-2026-4132

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS0.00997EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4132

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS5.9AI score0.00997EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.33 views

CVE-2026-4132 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS0.00997EPSS
Exploits0References13
CVE
CVE
added 2026/04/22 7:45 a.m.26 views

CVE-2026-4132

CVE-2026-4132 affects the WordPress HTTP Headers plugin up to version 1.19.2. The vulnerability arises from insufficient validation of the htpasswd path (hh_htpasswd_path) and lack of sanitization of the hh_www_authenticate_user value, allowing an authenticated Administrator+ to cause Remote Code...

7.2CVSS5.9AI score0.00997EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-4914

Malware in sbrugna...

5CVSS9.3AI score0.01743EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0110

Malware in sbrugna...

8.1CVSS7.9AI score0.02016EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-1082

Malware in sbrugna...

8.4CVSS6.2AI score0.00526EPSS
Exploits1References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-7260

Malware in sbrugna...

8.7CVSS6.4AI score0.0108EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1083

Malware in sbrugna...

7.2CVSS6.3AI score0.00393EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-0908

Malware in sbrugna...

7.5CVSS6.4AI score0.02426EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.20 views

EUVD-2017-8821

Malware in sbrugna...

9.8CVSS9.4AI score0.02407EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29043

Malicious code in bioql PyPI...

5.9CVSS6.3AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5314

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.01446EPSS
Exploits0References6
Rows per page
Query Builder