Lucene search
K

682 matches found

Cvelist
Cvelist
added 2026/05/29 12:31 p.m.37 views

CVE-2026-49323 Indian Scout Bobber 2025 WCM-to-ECM weak authentication

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

4.3CVSS0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 12:0 a.m.9 views

MAL-2026-4217 Malicious code in polymarket-trading-cli (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.14 views

Malicious code in polymarket-terminal (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/20 10:36 p.m.107 views

Exploit for CVE-2026-0265

CVE-2026-0265 Passive Detector v2 Defensive reconnaissanc...

9.2CVSS5.9AI score0.0044EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

6.5CVSS6.5AI score0.01858EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...

4.3CVSS6.6AI score0.03851EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Python 2.7, Python 3.7

A flaw was discovered in Python, specifically in the FTP File Transfer Protocol client library when operating in PASV passive mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...

5.3CVSS6.8AI score0.02511EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.15 views

FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

...

5.9CVSS5.8AI score0.00476EPSS
Exploits0
OSV
OSV
added 2026/05/15 2:1 p.m.12 views

OESA-2026-2323 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS5.9AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 2:1 p.m.7 views

OESA-2026-2322 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS5.9AI score0.00186EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/15 8:2 a.m.12 views

Openvswitch: open vswitch: denial of service via malformed ftp epasv command

...

5.9CVSS5.8AI score0.00405EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-8328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with...

5.9CVSS6.7AI score0.02511EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 8:14 p.m.10 views

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00476EPSS
Exploits0References10
CVE
CVE
added 2026/05/13 8:14 p.m.37 views

CVE-2026-8328

The connected documents identify CVE-2026-8328 as a Python Lib/ftplib.py issue: ftpcp() was not updated when CVE-2021-4189 was fixed. While makepasv() now replaces server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and forw...

5.9CVSS5.8AI score0.00476EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.10 views

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/05 3:45 p.m.17 views

CVE-2026-34956

CVE-2026-34956 affects Open vSwitch: the vulnerability is in the userspace conntrack FTP ALG handler where a crafted FTP payload (EPASV/FTP substrings) can trigger an invalid memory access due to type narrowing when copying FTP substrings. This memory access can crash the process, causing Denial ...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.8 views

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security TLS requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/02 6:22 p.m.112 views

Lyussfyuring002

lyussfyuring002 web exploitation + OSINT toolkit for people...

6.7CVSS5.9AI score0.0024EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/04/30 11:4 a.m.112 views

Exploit for CVE-2026-31431

copy-fail-cve-2026-31431 Passive detection tooling and techni...

7.8CVSS5.9AI score0.96267EPSS
Exploits230
BDU FSTEC
BDU FSTEC
added 2026/04/21 12:0 a.m.5 views

The command-line interface of the Cisco Identity Services Engine (ISE) management platform, as well as the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device, are vulnerable. This vulnerability allows attackers to escalate their privileges.

The vulnerability of the command-line interface of the Cisco Identity Services Engine ISE management platform and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to improper encoding or filtering of output data. Exploiting this vulnerabili...

6.2CVSS5.9AI score0.00499EPSS
Exploits0References2
Rows per page
Query Builder