Lucene search
K

2121 matches found

Nuclei
Nuclei
added yesterday19 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
EUVD
EUVD
added last week7 views

EUVD-2026-42038

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS6AI score0.00632EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in console-fmt-cli (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. console-fmt-cli uses a side-loader technique: it declares decimal-format-core =3.0 as a dependency, which contains a dropper that executes at install time via a postinstall hook. The dropper fetches a...

6.3AI score
Exploits0References12
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 3:16 p.m.14 views

CVE-2016-20095

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS0.00119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.5 views

CVE-2016-20095

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.31 views

CVE-2016-20095 Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS0.00119EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 2:16 p.m.14 views

CVE-2016-20095

The CVE-2016-20095 entry affects Matrix42 Remote Control Host 3.20.0031, due to an unquoted service path in the FastViewerRemoteService and FastViewerRemoteProxy. This allows local attackers to escalate privileges to SYSTEM by placing a crafted-named executable in the Program Files directory that...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.9 views

EUVD-2016-10908

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50913

Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...

8.5CVSS6.1AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50362

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References8
NVD
NVD
added 2026/06/12 6:16 p.m.15 views

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS0.0008EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 5:52 p.m.12 views

EUVD-2026-36521

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS5.3AI score0.0008EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:52 p.m.67 views

CVE-2026-53406

CVE-2026-53406 affects the Zoom Contact Center for Windows prior to version 7.0.0. The root cause is Insufficient Verification of Data Authenticity in the Remote Control feature, which may allow an authenticated user to perform a local privilege escalation. Impact, per the entry, is elevated priv...

7.8CVSS5.3AI score0.0008EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.14 views

Malicious code in 0x2ai-demo7x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 a.m.20 views

MAL-2026-5599 Malicious code in 0x2ai-ivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e78c039ee7ad67b1a20ef30b37ce03178f6c2181b1e330db69e04dabd0a28686 On install, the postinstall script copies the package's payload/ tree CLAUDE.md,.claude/settings.json,.mcp.json, and several.cjs MCP scripts into the...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.14 views

Malicious code in 0x2ai-demo9x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:19 a.m.14 views

Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

5.5AI score
Exploits0References2
Rows per page
Query Builder