Lucene search
+L

2424 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/18 12:0 a.m.7 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/18 12:0 a.m.8 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

5.9AI score0.00372EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.11 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

5.9AI score0.00372EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.9 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/18 12:0 a.m.15 views

EUVD-2026-30783

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.23 views

PT-2026-41707

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

6.2AI score0.00244EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.49 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

0.00595EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.48 views

CVE-2026-29965

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

0.00195EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41706

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.46 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

0.00372EPSS
Exploits1References3
CVE
CVE
added 2026/05/18 12:0 a.m.17 views

CVE-2026-29962

The CVE-2026-29962 issue affects HSC MailInspector v5.3.3-7 and is an LFI vulnerability caused by improper validation of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes parameters that directly influence file access, enabling path traversal to read arbitrary files fro...

7.5CVSS5.9AI score0.00372EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/18 12:0 a.m.21 views

CVE-2026-29964

HSC MailInspector v5.3.3-7 is affected by a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint. The issue arises from improper neutralization of user-controlled input, with alternate or obfuscated JavaScript syntax reflected back in HTTP responses without adequate output encodi...

6.1CVSS6.2AI score0.00244EPSS
Exploits1References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.18 views

Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.15 views

Malicious code in 0xegg2024 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317 Tea.yaml token farming campaign...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/07 4:8 a.m.18 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then calls...

9.9CVSS6.2AI score0.00974EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/04/24 2:13 p.m.7 views

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General OIG of the U.S. National Aeronautics and Space Administration NASA has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities,...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/17 12:0 a.m.181 views

📄 MCPJam Inspector 1.4.2 Remote Code Execution

This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...

9.8CVSS6.7AI score0.43671EPSS
Exploits35
GithubExploit
GithubExploit
added 2026/04/14 5:17 a.m.114 views

avsig

⚡ AVSIG JWT Inspector & Security Auditor - decode, anal...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/10 5:52 a.m.163 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

exploit-CVE-2026-23744 MCPJam Inspector is a local-first devel...

9.8CVSS6.2AI score0.43671EPSS
Exploits35
GithubExploit
GithubExploit
added 2026/03/28 8:3 p.m.186 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - Kobold Exploit Full chain exploit for the Ko...

9.8CVSS6.3AI score0.43671EPSS
Exploits35
Rows per page
Query Builder