Lucene search
+L

2554 matches found

nuclei
nuclei
added yesterday14 views

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS6.2AI score0.22547EPSS
Exploits2References3
ossf
ossf
added 2026/07/09 10:16 p.m.10 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
ossf
ossf
added 2026/07/06 3:6 a.m.9 views

Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
ossf
ossf
added 2026/07/06 3:6 a.m.9 views

Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References5
osv
osv
added 2026/07/06 3:6 a.m.7 views

MAL-2026-6795 Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-55904

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel IRC component due to improper input validation and...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References7
patchstack
patchstack
added 2026/07/01 7:59 p.m.5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
cgr
cgr
added 2026/06/26 8:22 p.m.16 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-azure-sql, x509-certificate-exporter, crossplane-provider-azure-resources, crossplane-provider-azure-policyinsights, nfpm, crossplane-provider-azure-synapse,...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:22 p.m.9 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, crossplane-provider-azure-synapse, agentbeat-fips, crossplane-provider-aws-appflow-fips, rancher-machine, cilium, docker-cli-buildx-fips,...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:22 p.m.20 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, crossplane-provider-azure-synapse, agentbeat-fips, crossplane-provider-aws-appflow-fips, rancher-machine, cilium, docker-cli-buildx-fips,...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, kyverno-policy-reporter-plugins-kyverno-fips, go-discover-fips, flux-operator-fips, crossplane-provider-azure-resources,...

6.1AI score
Exploits0
ossf
ossf
added 2026/06/26 11:16 a.m.8 views

Malicious code in ai-node-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae845382ff29756db63bf611b9b6bdbd49c44be3bcc8b283512e6590182ac48b ai-node-relay ships dist/index.js as its npm main entry, processed with javascript-obfuscator string-array rotation, 0x-prefixed identifiers, base64...

6AI score
Exploits0References3
osv
osv
added 2026/06/26 11:16 a.m.6 views

MAL-2026-6518 Malicious code in ai-node-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae845382ff29756db63bf611b9b6bdbd49c44be3bcc8b283512e6590182ac48b ai-node-relay ships dist/index.js as its npm main entry, processed with javascript-obfuscator string-array rotation, 0x-prefixed identifiers, base64...

6.1AI score
Exploits0References3
euvd
euvd
added 2026/06/25 8:39 a.m.34 views

EUVD-2026-39219

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrackirc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given...

5.7AI score0.00364EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.12 views

PT-2026-52363

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter conntrack irc helper. The issue occurs when parsing fails after a command string has been matched; the system attempts to match a different...

8.2CVSS6AI score0.00364EPSS
Exploits0References22
cgr
cgr
added 2026/06/23 8:16 a.m.12 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, temporal-server, zot, crossplane-provider-azure-synapse, agentbeat-fips, rancher-machine, cilium, beats-fips, apply-cve-bump, falcosidekick,...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/23 8:16 a.m.12 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, temporal-server, zot, crossplane-provider-azure-synapse, agentbeat-fips, rancher-machine, cilium, beats-fips, apply-cve-bump, falcosidekick,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
ossf
ossf
added 2026/06/22 9:53 p.m.15 views

Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References7
osv
osv
added 2026/06/22 9:53 p.m.12 views

MAL-2026-6273 Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References7
packetstorm
packetstorm
added 2026/06/22 12:0 a.m.53 views

📄 N-able Mail Assure Authentication Bypass

N-able Mail Assure appears to suffer from a cross-tenant authentication bypass vulnerability via spoofing. CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure CVE ID: CVE-2025-68624 Status: DISPUTED CWE: CWE-290 Authentication Bypass by Spoofing Affected Product:...

5.9AI score
Exploits1
Rows per page
Query Builder