Lucene search
K

1582 matches found

OSV
OSV
added 17 hours ago3 views

MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
EUVD
EUVD
added 23 hours ago6 views

EUVD-2026-43551

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS6.2AI score
Exploits0References5
Cvelist
Cvelist
added yesterday28 views

CVE-2026-56877

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-56877

The CVE-2026-56877 issue affects Skillable/SCORM lab launch endpoint (scorm.skillable.com). The root cause is that the server does not validate the client-supplied userId against the authenticated session token, allowing an authenticated user to substitute arbitrary userId values. This can bypass...

6.3CVSS6.2AI score
Exploits0References4
Metasploit
Metasploit
added 4 days ago19 views

FTP Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an FTP server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/vncinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show a...

6.2AI score
Exploits0
NVD
NVD
added 5 days ago11 views

CVE-2026-56459

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00141EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42555

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-56460

CVE-2026-56460 affects HCL DevOps Deploy / HCL Launch. The issue is an Insertion of Sensitive Information Into Sent Data where sensitive configurations and secrets can be disclosed to authenticated users via API responses, enabling potential follow-on attacks. CVSS3.1 metrics indicate Network acc...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-56459

CVE-2026-56459 affects HCL DevOps Deploy / HCL Launch. The issue: the application stores potentially sensitive information in log files, which could be read by a local user, enabling sensitive data disclosure. Details in the provided documents indicate a local-access exposure due to log handling,...

6.2CVSS5.9AI score0.00141EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-56459

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.9AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56765

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 8:16 p.m.36 views

CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 2:16 p.m.12 views

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:18 p.m.9 views

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.9 views

CVE-2026-53632

A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention UNC paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 1:11 p.m.5 views

OESA-2026-2715 gnome-shell security update

The GNOME Shell redefines user interactions with the GNOME desktop. In particular, it offers new paradigms for launching applications, accessing documents, and organizing open windows in GNOME. Later, it will introduce a new applets eco-system and offer new solutions for other desktop features,...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:54 p.m.5 views

CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS6AI score0.00322EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder