Lucene search
K

238 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.13 views

CVE-2026-27757

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...

7.2CVSS5.9AI score0.00252EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/28 1:59 a.m.3 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the ResetPassword function and the background token cleanup process. An attacker can gain persistent unauthorized access to user accounts by reusing intercepted password reset...

9.8CVSS6AI score0.00673EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 9:31 p.m.6 views

EUVD-2026-9047

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...

7.1CVSS5.9AI score0.00252EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 7:16 p.m.4 views

CVE-2026-27757

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...

7.2CVSS5.8AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 6:11 p.m.7 views

CVE-2026-27757

The CVE-2026-27757 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20. An authentication vulnerability allows any authenticated user to change account passwords without verifying the current password, enabling persistent access to the management interface. The issue, described in the...

7.2CVSS5.9AI score0.00252EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 7:30 a.m.5 views

CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/27 7:30 a.m.14 views

CVE-2025-9909

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

SODOLA SL902-SWTGW124AS 安全漏洞

SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from the ability for authenticated users to change their account passwords without...

7.2CVSS5.8AI score0.00252EPSS
Exploits0References3
HackRead
HackRead
added 2026/02/26 2:34 p.m.4 views

Entra ID OAuth Consent Can Grant ChatGPT Access to Emails

OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/24 2:18 p.m.10 views

Malicious code in modify-setting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48505e42b99b10152a5e8587fc88350de886a6ff02ca5b70ada3d90c9a7e980f The package modify-setting was found to contain malicious code. Source: ghsa-malware 3420a3d9050f94ba247ff8853e7a7f98ee33ca16a7beda959c53463992b65c24...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/02/20 4:59 p.m.5 views

MAL-2026-967 Malicious code in parse-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f14189ba3007a51617df87911f83c0c765d38bf6abe23b5aecbbe60cd8646c0a The package parse-compat was found to contain malicious code. Source: ghsa-malware 90a657719347c80f56dab387dd9beb25be7af98e9580382365a65feb0fd53243 A...

5.6AI score
Exploits0References1
Veracode
Veracode
added 2026/01/28 8:31 a.m.12 views

Arbitrary File Write

Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...

6AI score
Exploits0
OSV
OSV
added 2026/01/27 8:11 a.m.5 views

MAL-2026-542 Malicious code in stylus.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da337331b168fe53efb22dcc1d3a935e35010e59a40d5d222ee18aa89fe82e42 The package stylus.js was found to contain malicious code. Source: ghsa-malware 228752dfb0c639ecaabfe0fc0189046c016a56e66ffae8ebb59eaeb675d9d935 Any...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.5 views

SSH Key Persistence

This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/19 12:43 a.m.13 views

Malicious code in tailwin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6f42d8ac771f7de2a89b36d91afb6db0c0445c7c3b9c4c094cf74b1448343d The package tailwin was found to contain malicious code. Source: ghsa-malware 25f1e8ebfcada6d9b8288179365d666ecc4679a549f815f6715e35fc614e03e2 Any...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/01/12 1:26 a.m.3 views

MAL-2026-210 Malicious code in @workleap-ai/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2800f2cfba8ac6e7a16ef977484e4da4d360c859848daedb5220c7d3595653e1 The package @workleap-ai/shared was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/06 2:33 a.m.6 views

Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2025/12/26 12:0 a.m.198 views

📄 Netbus Backdoor 1.7 Remote Code Execution

Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...

7.3AI score
Exploits0
OSV
OSV
added 2025/12/12 6:34 a.m.5 views

MAL-2025-192556 Malicious code in cms_comp_static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e057568833f54e2250c5364e595d7a3046f4eb94f2484b9a0a2236b948cb10f The package cmscompstatic was found to contain malicious code. Source: ghsa-malware 38ce02191cf2d82246d56083ba8f7c2c4c0f14a71060bf8beaea95851f3c7a1e...

6.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.7 views

aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

6.7CVSS5.7AI score0.00167EPSS
Exploits0References4
Rows per page
Query Builder