Lucene search
K

37 matches found

OSV
OSV
added 2026/07/01 7:15 p.m.7 views

MAL-2026-6710 Malicious code in vitest-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0165cbb3d6ed37a96889c4b016463706346e1c09413635c31ea1ceedde8774 The package's postinstall script node lib/utils/index.js spawns a detached, stdio-suppressed Node child process that runs...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/29 5:33 a.m.12 views

MAL-2026-6585 Malicious code in stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a475d161b669ae748124a4d6c1da29ebda6e40da4aa5c3c5e8b10645ef96f57a On npm install, the package's postinstall hook scripts/install-check.cjs, wired via package.json scripts.postinstall fetches a JSON config from a...

6.4AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:17 p.m.22 views

Malicious code in postcss-minify-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc7341d6762a6209e4bde3d99f31f1a8650b6971e64a19547b9f35e7a51abb3 Package is published as postcss-minify-selector singular but its internal postcss plugin identifier is postcss-minify-selectors plural — the canonica...

5.8AI score
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-49299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single- tag write operations while the defined policy rules us...

5.3CVSS5.5AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:17 p.m.6 views

DEBIAN-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 9:53 p.m.4 views

CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS6AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43397

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch functionality where inconsistent DNS resolution occurs between the validation phase and the actual request execution. This allows for a server-side...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix for the debugfs directory leak The ULPI per-device debugfs root is named after the parent of the ulpi device. However, ulpiunregisterinterface attempts to remove a debugfs directory named after the ulpi device...

5.5CVSS5.8AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 9:19 a.m.6 views

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.2AI score0.00593EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

Apache Thrift 安全漏洞

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificates when they did not match the hostnames...

7.4CVSS5.8AI score0.00593EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 12:4 a.m.6 views

GHSA-PPVX-RWH9-7RJ7 pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

Summary The ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.4 views

pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

Summary The ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...

6.8CVSS6AI score0.00142EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/07 4:9 p.m.14 views

CVE-2026-35586

The vulnerability CVE-2026-35586 affects pyload-ng and stems from an incorrect admin-only configuration guard: the ADMIN_ONLY_CORE_OPTIONS set uses ssl_cert and ssl_key instead of the actual ssl_certfile and ssl_keyfile names, and ssl_certchain was not included. This lets any non-admin user with ...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 4:9 p.m.3 views

CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.7 views

Apache Tomcat 10.1.0.M1 < 10.1.50 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.50security-10 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.1CVSS7AI score0.00494EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/12 7:16 p.m.29 views

CVE-2026-24895 FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

9.3CVSS0.0058EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2003-0630

Malware in sbrugna...

7.5CVSS6.4AI score0.01175EPSS
Exploits0References2
NVD
NVD
added 2025/07/18 11:15 p.m.7 views

CVE-2025-7395

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.5 views

Himmelblau 授权问题漏洞

Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. An authorization issue vulnerability exists in Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha, which stems from an improperly matched group name and could lead to elevation of privilege...

5.4CVSS6.7AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:21 a.m.4 views

CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Server, Device Manager Agent, Host Data Collector components allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02...

8.1CVSS7AI score0.00203EPSS
Exploits0References1
Rows per page
Query Builder