Lucene search
K

1564 matches found

CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the getCallingPackageName function in Shared.java code. This function contains obfuscation, potentially allowing bypass of activity laun...

7.8CVSS5.6AI score0.00068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:22 p.m.13 views

CVE-2026-49237

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/28 1:22 p.m.19 views

EUVD-2026-32900

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/28 1:22 p.m.11 views

CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.00141EPSS
Exploits1References1
OSV
OSV
added 2026/05/22 2:23 p.m.13 views

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

6AI score
Exploits0References4
OSV
OSV
added 2026/05/22 7:15 a.m.8 views

MAL-2026-4572 Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:15 a.m.13 views

Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 9:6 a.m.11 views

Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score
Exploits0References8
OSV
OSV
added 2026/05/21 9:6 a.m.8 views

MAL-2026-4580 Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/10 9:0 a.m.11 views

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

6.9CVSS5.8AI score0.00292EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

Canias ERP 加密问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability related to encryption. This vulnerability stems from the use of hardcoded...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2026/04/28 3:16 a.m.8 views

CVE-2026-7215

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...

7.5CVSS0.01338EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 2:0 a.m.7 views

EUVD-2026-25971

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...

7.5CVSS7.1AI score0.01338EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 2:0 a.m.34 views

CVE-2026-7215 egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...

7.5CVSS0.01338EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 2:0 a.m.15 views

CVE-2026-7215

A CVE-2026-7215 exists in egtai gmx-vmd-mcp up to 0.1.0 affecting the VMD Launch Handler’s mcp_server.py; specifically, the function launch_vmd_gui_tool is vulnerable due to manipulation of the structure_file/trajectory_file arguments, enabling command injection. Access may be remote, and publicl...

7.5CVSS7.1AI score0.01338EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

MCP-GMX-VMD 注入漏洞

MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained a injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...

7.5CVSS7.1AI score0.01338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35647

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch vmd gui tool of the file mcp server.py of the component VMD Launch Handler. The manipulation of the argument structure file/trajectory file results in command injection. The attack may be...

7.5CVSS5.2AI score0.01338EPSS
Exploits0References6
CVE
CVE
added 2026/04/24 2:42 p.m.27 views

CVE-2026-31591

The CVE-2026-31591 entry details a Linux kernel KVM SNP/VMSA issue where vCPU state synchronization and encryption during SNP launch could be interfered with by userspace, risking vCPU state corruption or host kernel crashes. The root cause is insufficient locking around vcpu->mutex during VMS...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:2 p.m.29 views

CVE-2026-0539 Local Privilege Escalation in pcvisit service client

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...

8.5CVSS0.00101EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013153 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if...

5.1CVSS5.8AI score0.00213EPSS
Exploits0References4
Rows per page
Query Builder