Lucene search
K

2124 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.5 views

Malicious code in @guards-lib/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b72a9569fc4d43fe6d130bd5ecad08b4e9442b7ca7d8b03c4bfc8a44916d3e6 The package @guards-lib/auth was found to contain malicious code. Source: ghsa-malware 47112682da1426da21d8164ed1b9dd3a0dfa3e989e43b8143aad8831987f65...

5.7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/07 6:15 p.m.11 views

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Summary Before OpenClaw 2026.4.2, remote CDP discovery could return a trailing-dot localhost host such as localhost. and bypass OpenClaw's loopback-host normalization. That let a non-loopback remote CDP profile pivot the follow-up connection back onto localhost. Impact A hostile discovery respons...

6.9CVSS6AI score0.00251EPSS
Exploits0References5Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/04/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-43542

This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime...

7.5CVSS5.7AI score0.00848EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-5544

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS7.7AI score0.00472EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/05 6:32 a.m.14 views

EUVD-2026-19038

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS6.3AI score0.00472EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/05 4:45 a.m.31 views

CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS0.00472EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/05 4:45 a.m.4 views

CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS7.7AI score0.00472EPSS
Exploits0References4
CVE
CVE
added 2026/04/05 4:45 a.m.21 views

CVE-2026-5544

CVE-2026-5544 affects UTT HiPER 1250GW, up to version 3.2.7-210907-180535. The vulnerability exists in an unknown function of the file /goform/formRemoteControl where manipulating the Profile argument causes a stack-based buffer overflow. It can be exploited remotely, and public exploits are avai...

9CVSS7.7AI score0.00472EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.10 views

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formRemoteControl, which could lead to...

9CVSS7.7AI score0.00472EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.15 views

PT-2026-30416

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS7.7AI score0.00472EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 11:7 p.m.3 views

GHSA-6FPF-248C-M7WM Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SSH keys, ntds.dit or destroying the entire compromised infrastructure, entirely through the operator's own...

5.9CVSS5.9AI score0.00396EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/31 5:1 p.m.6 views

CVE-2026-28526

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

3.5CVSS6AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 2:8 p.m.9 views

CVE-2026-28528 BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...

4.6CVSS5.9AI score0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 2:8 p.m.4 views

CVE-2026-28528 BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...

2.1CVSS6AI score0.00135EPSS
Exploits0References5
Schneier on Security
Schneier on Security
added 2026/03/19 9:47 a.m.13 views

Hacking a Robot Vacuum

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 2:49 p.m.6 views

Malicious code in n8n-nodes-csv-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 011372ed1f40a4259802291679f8db573c8435e904c38e02482b4589d16c60c7 The package n8n-nodes-csv-parse was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
ICS
ICS
added 2026/03/13 12:30 a.m.9 views

ABB AWIN Gateways

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...

5.8AI score
Exploits0References12
OSV
OSV
added 2026/03/12 2:18 a.m.4 views

MAL-2026-1355 Malicious code in @dappaoffc/baileys-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2d90dce9a6d45cb24a57cb738764c3675c7b5e6a594a15f8130938bcf5a886 The package @dappaoffc/baileys-mod was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.9 views

CVE-2026-3699

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attac...

9CVSS6.1AI score0.00655EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/08 3:30 a.m.7 views

EUVD-2026-10206

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attac...

9CVSS7.6AI score0.00655EPSS
Exploits1References5
Rows per page
Query Builder