Lucene search
K

121 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in eth-wallet-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...

6.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.16 views

CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS5.5AI score0.00216EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.16 views

Malicious code in @cloudplatform-single-spa/smk (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/22 2:16 p.m.10 views

CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 2:16 p.m.12 views

CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 1:18 p.m.32 views

CVE-2026-8673

CVE-2026-8673 describes an unprotected transport of credentials in Avantra from syslink software AG on Linux and Windows, allowing sniffing of credentials. The affected line is Avantra before version 25.3.0. Documented impacts emphasize confidentiality and integrity risks, with CVSS v3.1 indicati...

9.1CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 1:17 p.m.9 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 1:17 p.m.17 views

CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00105EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in Google Chrome’s compositing layer on Linux and Windows, prior to version 89.0.4389.72, allowed a remote attacker to spoof the contents of the Omnibox URL bar through a crafted HTML page...

6.5CVSS7.2AI score0.01615EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/26 2:10 p.m.11 views

Arbitrary Command Injection

Overview ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Arbitrary Command Injection via the shell.write function. An attacker can execute arbitrary system commands by supplying crafted inpu...

8.5CVSS6.1AI score0.00653EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 2:58 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...

9.8CVSS6.3AI score0.00864EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/03/16 5:11 p.m.198 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

9.3CVSS5.8AI score0.99945EPSS
Exploits132
EUVD
EUVD
added 2026/03/06 12:31 a.m.7 views

EUVD-2026-9944

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.3CVSS5.9AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 12:16 a.m.9 views

CVE-2026-28715

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

6.5CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 12:16 a.m.11 views

CVE-2026-28718

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

7.5CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:57 p.m.5 views

CVE-2026-28726

Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 11:57 p.m.29 views

CVE-2026-28726

Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.3CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 11:52 p.m.31 views

CVE-2026-28715

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

6.5CVSS0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 11:48 p.m.38 views

CVE-2026-28710

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

8.1CVSS0.00414EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 1:15 a.m.4 views

CVE-2025-30416

Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39938, Acronis Cyber Protect 15 Linux, Windows before build 41800...

10CVSS5.7AI score0.00438EPSS
Exploits0References1
Rows per page
Query Builder