Lucene search
K

11 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:21 a.m.6 views

Malicious code in subsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...

6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

5.9CVSS5.8AI score0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

5.8AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 6:11 p.m.12 views

MAL-2026-4596 Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:11 p.m.14 views

Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

Jinan USR IOT USR-W610 安全漏洞

Jinan USR IOT USR-W610 is a serial-to-Ethernet converter developed by Jinan USR IOT. There is a security vulnerability in the Jinan USR IOT USR-W610. This vulnerability stems from the fact that the embedded Web interface of the device does not support HTTPS/TLS authentication and uses HTTP basic...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/01 6:30 p.m.5 views

EUVD-2024-30202

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

6.8CVSS6.2AI score0.0015EPSS
Exploits0References3
OSV
OSV
added 2025/02/18 6:15 p.m.5 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

6.4CVSS5.8AI score0.00288EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.6 views

PT-2024-35708 · Unknown · Home-Gallery.Org

Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier Description: The default setup of Home-Gallery.org is vulnerable to DNS rebinding due to the lack of TLS and user authentication. An attacker can exploit this by changing the DNS records of their...

5.3CVSS7.2AI score0.00262EPSS
Exploits0References8
OSV
OSV
added 2020/06/22 8:15 p.m.5 views

CVE-2020-12053

In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key...

9.8CVSS7.3AI score0.00678EPSS
Exploits0References1
OSV
OSV
added 2019/09/25 6:15 p.m.5 views

CVE-2019-6652

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security TLS...

6.5CVSS6.6AI score0.00587EPSS
Exploits0References2
Rows per page
Query Builder