Lucene search
K

27 matches found

OSV
OSV
added 2026/05/25 5:38 p.m.25 views

MAL-2026-4348 Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.5AI score
Exploits0References4
OSV
OSV
added 2026/05/25 12:3 p.m.13 views

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32361

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-1815

Malicious code in bioql PyPI...

8.2CVSS9.5AI score0.00763EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:41 a.m.11 views

CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS6.9AI score0.00763EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 7:15 p.m.17 views

CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS0.00763EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/30 6:17 p.m.21 views

CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS0.00763EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.4 views

Contec Health CMS8000 Patient Monitor 安全漏洞

Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that originates from allowing the transmission of plain text patient data to a hard-coded public IP address...

8.2CVSS9.4AI score0.00763EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.6 views

PT-2025-4002 · Contec Health · Contec Health Cms8000 Patient Monitor

Name of the Vulnerable Software and Affected Versions: Contec Health CMS8000 Patient Monitor version Description: The issue involves the transmission of plain-text patient data to a hard-coded public IP address when a patient is connected to the monitor. This could lead to a leakage of confidenti...

8.2CVSS9.5AI score0.00763EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2024/07/05 8:7 p.m.69 views

Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

7.2CVSS6.9AI score0.006EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/07/05 8:7 p.m.63 views

GHSA-P9CG-VQCC-GRCX Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

7.2CVSS7.1AI score0.006EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/03/21 6:59 p.m.50 views

Path traversal in webpack-dev-middleware

Summary The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details The middleware can either work with the physical filesystem when reading the files or it can...

7.5CVSS6.4AI score0.01209EPSS
Exploits1References11Affected Software1
Malwarebytes
Malwarebytes
added 2023/08/09 2:0 a.m.32 views

Cloudflare Tunnel increasingly abused by cybercriminals

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...

7.3AI score
Exploits0
Prion
Prion
added 2021/08/26 3:15 p.m.17 views

Design/Logic Flaw

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTT...

5CVSS5.2AI score0.01172EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/06/06 8:29 p.m.15 views

CVE-2019-11523

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list which includes RFID codes and passcodes in cleartext, o...

9.8CVSS9.3AI score0.01208EPSS
Exploits2References1
Prion
Prion
added 2019/06/06 8:29 p.m.18 views

Design/Logic Flaw

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list which includes RFID codes and passcodes in cleartext, o...

7.5CVSS9.2AI score0.01208EPSS
Exploits2References1
Cvelist
Cvelist
added 2019/06/06 7:39 p.m.16 views

CVE-2019-11523

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list which includes RFID codes and passcodes in cleartext, o...

9.3AI score0.01208EPSS
Exploits2References1
Prion
Prion
added 2019/03/08 9:29 p.m.19 views

Design/Logic Flaw

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...

4CVSS4.5AI score0.00914EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/08 9:29 p.m.17 views

CVE-2019-1003036

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...

4.3CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2019/03/08 9:29 p.m.26 views

CVE-2019-1003036

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...

4.3CVSS4.4AI score0.00914EPSS
Exploits0References2
Rows per page
Query Builder