Lucene search
K

2299 matches found

OSV
OSV
added 2026/04/11 10:55 p.m.6 views

MAL-2026-2824 Malicious code in unisys-uka (npm)

Package is malware. Collects sensitive info, reads files, executes commands, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25745bb1be4d673e8e465091f55bfdad6ad5cd5740583fd9a9f38fd7dd3e5d57 The...

5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:36 p.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

5.5CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.12 views

undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...

7.5CVSS7.1AI score0.00874EPSS
Exploits0References9
NVD
NVD
added 2026/04/06 10:16 p.m.8 views

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

5.3CVSS0.00367EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 9:47 p.m.15 views

CVE-2026-35452

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:47 p.m.8 views

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 9:46 p.m.3 views

CVE-2026-35450 WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php,...

5.3CVSS5.9AI score0.0037EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 9:46 p.m.24 views

CVE-2026-35450

CVE-2026-35450 affects WWBN AVideo (versions 26.0 and earlier). The plugin/API/check.ffmpeg.json.php endpoint exposes FFmpeg remote server configuration and connectivity status without authentication, while sibling endpoints (kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php) require admin a...

5.3CVSS5.9AI score0.0037EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/06 9:31 a.m.3 views

EUVD-2026-19190

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument sourceurls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/06 4:45 a.m.8 views

CVE-2026-5623

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

6.5CVSS6.2AI score0.00199EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/04 6:17 a.m.10 views

AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

Summary The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.7 views

PT-2026-30336

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...

5.3CVSS6AI score0.00367EPSS
Exploits1References5
OSV
OSV
added 2026/04/03 7:5 p.m.4 views

MAL-2026-2477 Malicious code in strapi-plugin-nordica-stage (npm)

strapi-plugin-nordica-stage is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:27 p.m.9 views

Malicious code in strapi-plugin-api (npm)

strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...

6AI score
Exploits0References2
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.208 views

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/30 6:31 p.m.3 views

EUVD-2026-17166

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

6.5CVSS6.3AI score0.00267EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.5 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4841 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server

NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server...

7.5CVSS5.9AI score0.00582EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.8 views

CVE-2026-3966

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/21 6:24 p.m.3 views

Malicious code in thisismytest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...

5.9AI score
Exploits0References4
Rows per page
Query Builder