Lucene search
K

2654 matches found

Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-15479 H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/26 8:13 p.m.17 views

Exposed Dangerous Method or Function

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...

6CVSS6.1AI score0.00812EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:13 p.m.7 views

CVE-2026-54753

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...

5.9CVSS5.9AI score0.00812EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 6:13 p.m.38 views

CVE-2026-54753 Nx: `nx graph` dev server permissive CORS policy

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...

5.9CVSS0.00812EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 6:13 p.m.15 views

CVE-2026-54753

Summary (CVE-2026-54753) Nx's nx graph local HTTP server (in versions 17.0.4 through 22.7.2 and 23.0.0-beta.2) exposed an overly permissive CORS policy by returning Access-Control-Allow-Origin: * on every response. This enabled cross-origin access to sensitive server data, including the full proj...

5.9CVSS5.9AI score0.00812EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 6:13 p.m.7 views

EUVD-2026-39831

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...

5.9CVSS5.9AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:16 p.m.14 views

CVE-2026-10748

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0...

8.6CVSS0.00296EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:54 p.m.7 views

Malicious Package

Overview @ntnx/nx-react-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.19 views

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

6.8CVSS5.5AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.4AI score0.0185EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)

The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...

9.8CVSS5.6AI score0.0185EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/06/01 2:9 p.m.6 views

@astralis-os/vitest (=2.4.1), @aws/nx-plugin (>=0.79.1 <=0.84.2) +64 more potentially affected by CVE-2026-47429 via vitest (>=4.0.13 <=4.0.9)

vitest NPM version =4.0.13, =0.79.1, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =4.0.0-alpha.31, =1.2.3-preview-a960555.0, =7.2.0, =11.0.33, =11.0.49 - @forsakringskassan/vitest-config =1.1.0 - @frovahappy/brush =0.2.0 and more Source cves:...

5.7AI score0.00232EPSS
Exploits0
OSV
OSV
added 2026/06/01 7:40 a.m.13 views

MAL-2026-5162 Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:40 a.m.16 views

Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/01 7:40 a.m.13 views

MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
NVD
NVD
added 2026/05/29 9:16 a.m.15 views

CVE-2026-10056

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:4 a.m.16 views

EUVD-2026-33262

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:4 a.m.19 views

CVE-2026-10056

CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Network Optix Nx Witness VMS 安全漏洞

Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...

7.5CVSS5.9AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44762

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder