Lucene search
K

2117 matches found

OSV
OSV
added 2026/06/08 10:31 p.m.21 views

MAL-2026-5340 Malicious code in xfoofoox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: vorbis-tools

Issue Overview: A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow...

8.2CVSS5.8AI score0.00515EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: vorbis-tools (TSSA-2026:0408)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0408 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.2CVSS5.8AI score0.00515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

Amazon Linux 2023 : vorbis-tools (ALAS2023-2026-1812)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1812 advisory. A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control...

8.2CVSS5.9AI score0.00515EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-21785

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS5.5AI score0.00148EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/03 6:16 a.m.21 views

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/02 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/06/01 1:0 p.m.28 views

CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what makes enterprise voi...

9.2CVSS6.3AI score0.26468EPSS
Exploits3
Snyk
Snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @mlspace/inference-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/31 1:30 a.m.14 views

Malicious code in h4xupdate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0de4da975d7b071824607be751a9ea0fb13e409eaef58d1cc0628263d5dea700 Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonate legitimate company. --- Category: MALICIOUS - Th...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/29 1:34 p.m.9 views

OESA-2026-2486 vorbis-tools security update

Ogg Vorbis is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format for mid to high quality 8kHz-48.0kHz, 16+ bit, polyphonic audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. This places Vorbis in the same competitive class as...

8.2CVSS5.9AI score0.00515EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:5 a.m.7 views

media: rc: xbox_remote: heed DMA restrictions

...

5.5CVSS5.4AI score0.00119EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Frontier 访问控制错误漏洞

Frontier is an Ethereum-compatible layer of Substrate. It is used to run unmodified Ethereum Dapps. Frontier X2 has a access control vulnerability that stems from the lack of mandatory pairing authentication or authorization, allowing unauthorized BLE reads and writes of critical GATT features...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 5:50 p.m.32 views

Malicious code in telethon-pro-safe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...

6AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:6 a.m.9 views

media: rc: igorplugusb: heed coherency rules

...

7.1CVSS5.4AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 8:15 p.m.12 views

EUVD-2026-32658

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS5.8AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:15 p.m.16 views

CVE-2026-21785

CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...

4CVSS5.8AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 8:15 p.m.40 views

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS0.00148EPSS
Exploits0References1
Rows per page
Query Builder