Lucene search
K

45 matches found

NVD
NVD
added 2026/02/27 8:17 a.m.6 views

CVE-2025-9909

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

6.7CVSS0.00167EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/01/23 11:18 a.m.7 views

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management RMM software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...

6AI score
Exploits0
HackRead
HackRead
added 2025/12/26 2:58 p.m.7 views

Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats

Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-3670

Malware in sbrugna...

8CVSS7.2AI score0.00973EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7348

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.03954EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/06/25 12:0 a.m.3 views

SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning

Federated Learning FL has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.7 views

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

9CVSS7.2AI score0.19039EPSS
Exploits1References1
OSV
OSV
added 2025/04/03 2:6 p.m.6 views

BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...

9.8CVSS9AI score0.03954EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 8:39 a.m.3 views

Malicious code in ethchained (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec2d7a0486fc07b92c872693b5b7ff68caeb51129ed60fdeb32a6913811a91df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/04/06 9:43 a.m.82 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1CVSS8.3AI score0.03687EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/04/11 9:16 a.m.2 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

7.2AI score
Exploits0
OSV
OSV
added 2022/11/21 12:0 a.m.19 views

CVE-2022-4093 SQL Injection in dolibarr/dolibarr

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...

8.1CVSS8.2AI score0.03954EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.3 views

Malicious code in irmraf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79003d7e88777d58f2bf060d4f054d2527e6c4ff77d970645be62920969ee1ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:25 p.m.3 views

Malicious code in acs-ui-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7eb198d76eddd8c49bac72bea49559b8d349e2d762170f0312a5ff9736969a0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2022/05/27 4:0 p.m.30 views

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

7.2AI score
Exploits0
CNVD
CNVD
added 2019/12/09 12:0 a.m.4 views

SuperMicro X8STi-F Operating System Command Injection Vulnerability

The SuperMicro X8STi-F is a computer motherboard from SuperMicro USA. An operating system command injection vulnerability exists in the Virtual Media feature in the SuperMicro X8STi-F with IPMI firmware version 2.06 and BIOS version 02.68. An attacker can exploit this vulnerability to obtain a...

9CVSS7.6AI score0.19039EPSS
Exploits1References1
Prion
Prion
added 2019/12/08 4:15 a.m.22 views

Command injection

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

9CVSS8.8AI score0.19039EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2019/12/08 3:39 a.m.31 views

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

8.8AI score0.19039EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/05/14 8:54 a.m.3 views

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by...

9CVSS7.9AI score0.05516EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/05/14 8:54 a.m.103 views

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by...

9CVSS1.5AI score0.05516EPSS
Exploits0
Rows per page
Query Builder