Lucene search
K

687 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 10 hours ago4 views

Malicious code in home-mp-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...

6.2AI score
Exploits0References2
NVD
NVD
added 5 days ago16 views

CVE-2026-33802

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...

6.8CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-33802

Summary: CVE-2026-33802 is a Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series switches (EX2300, EX4000, EX4100, EX4300-MP, EX4400) that allows a locally authenticated attacker with no specific permissions to execute a privileged CLI command and trigger a Do...

6.8CVSS6AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:52 a.m.4 views

SUSE-SU-2026:2644-1 Security update for frr

This update for frr fixes the following issues - CVE-2026-28532: Denial of Service due to integer overflow in OSPF TLV parser functions bsc1263859. - CVE-2026-37457: An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/06/25 12:3 p.m.6 views

gmp security and enhancement update

An update is available for gmp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gmp packages contain GNU MP, a library for arbitrary precision arithmetics,...

7.5CVSS7.5AI score0.03425EPSS
Exploits1
OSV
OSV
added 2026/06/25 12:3 p.m.2 views

RLSA-2023:6661 Low: gmp security and enhancement update

The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fixes: gmp: Integer overflow and resultant buffer overflow via crafted input CVE-2021-43618 For more details about the security issues...

6.2CVSS6.2AI score0.03425EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.6 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 12:31 a.m.10 views

EUVD-2026-38196

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References6
NVD
NVD
added 2026/06/21 10:16 p.m.14 views

CVE-2026-12810

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS0.01158EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 9:45 p.m.24 views

CVE-2026-12810 Edimax BR-6478AC V2 POST Request mp command injection

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS0.01158EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51257

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A security flaw in the POST Request Handler component allows for remote command injection. This occurs through the manipulation of the command argument within the mp function of the '/goform/mp'...

6.5CVSS6.7AI score0.01158EPSS
Exploits0References12
OSV
OSV
added 2026/06/18 2:2 p.m.3 views

SUSE-SU-2026:2454-1 Security update for frr

This update for frr fixes the following issues Update to frr 8.5.7: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

NULL Pointer Dereference

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8774

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...

6.5CVSS6.3AI score0.01182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 4:30 p.m.8 views

MINI-RH2M-43MP-5VMP

Bulletin has no description...

9.1CVSS5.7AI score0.00466EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 1:2 p.m.14 views

CVE-2026-48688

A flaw was found in FastNetMon Community Edition. Multiple out-of-bounds read vulnerabilities exist within the BGP MPREACHNLRI IPv6 attribute decoder. A remote attacker could exploit these flaws by sending specially crafted BGP messages, which could lead to information disclosure or a denial of...

7.5CVSS5.7AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 3:27 a.m.12 views

CVE-2026-9228 Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/28 3:27 a.m.15 views

EUVD-2026-32705

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/28 3:27 a.m.40 views

CVE-2026-9228 Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00218EPSS
Exploits0References6
Rows per page
Query Builder