Lucene search
K

1878 matches found

OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5235 Malicious code in awaitly-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b77cddba130960f19c0c0b71b952811cc8dabd41e848d5305497cd16757ba2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47086

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A low-privilege MCP token holder with knowledge of an attachment path can read any file in shared storage, including attachments from other bases and workspaces. This occurs because the MCP...

2.3CVSS5.9AI score0.00209EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Ansible 参数注入漏洞

Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...

7.8CVSS5.6AI score0.00156EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 9:16 p.m.21 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

8.8CVSS0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 6:16 a.m.13 views

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 3:50 a.m.42 views

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 3:50 a.m.7 views

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 3:50 a.m.12 views

EUVD-2026-34204

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:50 a.m.11 views

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 3:50 a.m.19 views

CVE-2026-49187

CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded nature of the APK resource files, which are never expired and share credentials, potentially leading to informati...

8.7CVSS5.3AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46144

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 1:16 p.m.36 views

CVE-2026-6873

CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.31 views

Oracle Linux 8 : gnutls (ELSA-2026-20611)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits1References12
OSV
OSV
added 2026/06/01 11:42 a.m.7 views

BIT-KIBANA-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

UTT HiPER 1200GW 安全漏洞

UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect parameter handling in the strcpy function within the file/goform/formFireWall, which...

9CVSS8.4AI score0.00472EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

UTT HiPER 1200GW 安全漏洞

UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations with the strcpy function in the file/goform/formTaskEdit, which could lead t...

9CVSS8.4AI score0.00472EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 12:0 a.m.28 views

CVE-2026-37224

Summary: FlexRIC v2.0.0 crashes when it receives two identical E2_SETUP_REQUEST messages from the same or spoofed E2 Nodes. The iApp registry enforces node ID uniqueness via an assert(), not a graceful rejection, leading to a remote unauthenticated crash of the iApp process (port 36421) and a SIG...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 8:28 a.m.11 views

EUVD-2026-33265

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WWBN AVideo 操作系统命令注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the execAsync command in the YPTSocket notification branch, which constructed...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1
Rows per page
Query Builder