Lucene search
+L

172 matches found

The Hacker News
The Hacker News
added yesterday7 views

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a...

6.4AI score
Exploits0
NVD
NVD
added 2 days ago6 views

CVE-2026-54562

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-54562 Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read imported responses

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44687

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS6.2AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

CVE-2026-54562 Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read imported responses

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS6.2AI score0.00231EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 12:0 p.m.18 views

MAL-2026-6312 Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 8:47 a.m.12 views

Malicious code in aaaazzzzaz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.00221EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 4:28 p.m.15 views

Malicious code in veteran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a20dd9f8d6a9df01d766c25693711d90e4303e3c68fa371f0b842f83c485b4 On npm install, the package's postinstall hook install.js, registered via package.json line 10 "postinstall": "node install.js" downloads a...

6AI score
Exploits0References3
OSV
OSV
added 2026/04/16 8:36 p.m.15 views

MAL-2026-2890 Malicious code in chai-as-ide (npm)

chai-as-ide is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/244f4de235f04fbcd51a and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/04/15 11:43 p.m.6 views

MAL-2026-2912 Malicious code in trgrip (npm)

trgrip is a malicious npm package that when imported downloads a C2 dropper from https://44.206.172.239:7443/direct/download/97900a0e-c691-483a-a988-97b76f205c0f and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/15 11:21 p.m.7 views

MAL-2026-2905 Malicious code in simple-auth-basic (npm)

simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...

5.4AI score
Exploits0References2
NVD
NVD
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25706

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

8.7CVSS0.00535EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25706 Across DR-810 ROM-0 Unauthenticated File Disclosure

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

8.7CVSS5.8AI score0.00535EPSS
Exploits0References3
OSV
OSV
added 2026/04/04 10:3 p.m.4 views

MAL-2026-2490 Malicious code in databaserotacos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 04d640be20e9d2ff55f7682d535f6fd56b67b50008307c2e41986d6b31d4bfa4 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.13 views

PT-2026-23782

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch firmware contains a missing authentication issue. An unauthenticated attacker can access the /switch config.src API endpoint to...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/02 5:59 a.m.6 views

CVE-2026-2999

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

9.8CVSS6.2AI score0.00508EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/02 5:59 a.m.26 views

CVE-2026-2999 Changing|IDExpert Windows Logon Agent - Remote Code Execution

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

9.8CVSS0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.9 views

PT-2026-22547

Name of the Vulnerable Software and Affected Versions IDExpert Windows Logon Agent affected versions not specified Description IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution issue. Unauthenticated remote attackers can force the system to download arbitrary DLL file...

9.8CVSS6.3AI score0.00507EPSS
Exploits0References18
Rows per page
Query Builder