Lucene search
+L

2556 matches found

NVD
NVD
added 2026/05/22 4:16 p.m.15 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:30 p.m.27 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

5.8AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 3:30 p.m.28 views

CVE-2026-7325

The CVE-2026-7325 entry applies to Devolutions Server, with affected versions 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. The issue is an improper authorization in the Active Directory browsing feature that lets a low-privileged authenticated user obtain authentication material associated...

7.1CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:30 p.m.10 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS5.8AI score0.00176EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 3:30 p.m.13 views

EUVD-2026-31462

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS5.8AI score0.00176EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 11:16 a.m.12 views

Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
OSV
OSV
added 2026/05/22 11:16 a.m.13 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 8:31 a.m.13 views

Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/22 8:31 a.m.11 views

MAL-2026-4597 Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/22 7:56 a.m.21 views

MAL-2026-4768 Malicious code in sklern (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10 Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API linearregression, logisticregression,...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:56 a.m.14 views

Malicious code in sklern (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10 Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API linearregression, logisticregression,...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/05/22 6:30 a.m.22 views

MAL-2026-4735 Malicious code in xy-ai-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c xy-ai-chat ships a Lit web component whose bundled main entry hardcodes two plain-HTTP endpoints on a bare IPv4 address:...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 5:16 a.m.19 views

Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/22 3:25 a.m.18 views

MAL-2026-4774 Malicious code in vulndify-mcp-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650 The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42786

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

5.8AI score0.00176EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 10:51 p.m.12 views

Malicious code in mathepy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...

5.9AI score
Exploits0References14
OSV
OSV
added 2026/05/21 10:51 p.m.16 views

MAL-2026-4755 Malicious code in mathepy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...

5.9AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 6:31 p.m.10 views

Malicious code in maxixy-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95 maxixy-cli is a wholesale rebrand of QwenLM/qwen-code itself a fork of google-gemini/gemini-cli with the Qwen OAuth device-flow base URL hardcoded to...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/21 6:31 p.m.9 views

MAL-2026-4607 Malicious code in maxixy-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95 maxixy-cli is a wholesale rebrand of QwenLM/qwen-code itself a fork of google-gemini/gemini-cli with the Qwen OAuth device-flow base URL hardcoded to...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/21 2:34 p.m.9 views

MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...

5.8AI score
Exploits0References3
Rows per page
Query Builder