Lucene search
K

1277 matches found

Nuclei
Nuclei
added yesterday37 views

Zoho ManageEngine - Access Control Bypass

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

9.8CVSS7.1AI score0.83321EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.19 views

Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in ts-bn-proto (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. ts-bn-proto embeds an infostealer payload directly in index.js with a base64-encoded C2 address data-stream.space, executed at install time via a postinstall hook. The payload harvests cryptocurrency wallet...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.9 views

Malicious code in console-fmt-cli (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. console-fmt-cli uses a side-loader technique: it declares decimal-format-core =3.0 as a dependency, which contains a dropper that executes at install time via a postinstall hook. The dropper fetches a...

6.3AI score
Exploits0References12
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.11 views

CVE-2026-12320

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Password Manager component...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.130 views

Zoho ManageEngine - Remote Code Execution

Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

9.8CVSS8.1AI score0.9994EPSS
Exploits5References5
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.16 views

SUSE CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 11:11 a.m.18 views

CVE-2026-10839

CVE-2026-10839 describes an open redirect in the Password Manager authentication system. The vulnerability arises from manipulation of the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login. Impact is limited to confidential...

5.1CVSS5.3AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:11 a.m.17 views

CVE-2026-10837

CVE-2026-10837 describes an open redirection vulnerability in a Password Manager caused by insufficient validation of the X-Forwarded-Host header. The issue allows an attacker to craft links that, when clicked by a victim, redirect to attacker-controlled domains, enabling phishing or deception wh...

5.1CVSS5.3AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:10 a.m.16 views

CVE-2026-10836

The CVE-2026-10836 entry concerns a vulnerability in Password Manager where improper neutralization of HTTP headers allows an attacker to manipulate the Host header via crafted requests. This can lead to generation of manipulated links or responses and potentially cause limited information disclo...

5.1CVSS5.3AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 1:16 p.m.14 views

CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS0.00179EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.6 views

UBUNTU-CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 11:52 a.m.11 views

EUVD-2026-37111

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS5.2AI score0.00179EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/16 11:52 a.m.7 views

CVE-2026-12320 Information disclosure in the Password Manager component

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 11:52 a.m.33 views

CVE-2026-12320 Information disclosure in the Password Manager component

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

0.00179EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 11:52 a.m.22 views

CVE-2026-12320

CVE-2026-12320 affects the Password Manager component in Firefox and Thunderbird. The vulnerability enables information disclosure and is documented with a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, but user interaction is requi...

4.3CVSS5.2AI score0.00179EPSS
Exploits0References3Affected Software2
AlpineLinux
AlpineLinux
added 2026/06/16 11:52 a.m.9 views

CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS5.3AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49689

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description Information disclosure occurs within the Password Manager component. Recommendations Update Firefox to version 152. Update Thunderbird to version 152...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References48
Rows per page
Query Builder