Lucene search
K

362689 matches found

Fedora
Fedora
added 39 minutes ago2 views

[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43

A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...

8.4CVSS6.1AI score0.00136EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday8 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc334bd438168239b92c3ca3bbaaeeeab56e9b325efa8e7be20ef87356e4f638 When using the library, it schedules a delayed malware activation. Malicious code contacts remote URLs to get C2 location, then performs machine fingerprinting...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
GithubExploit
GithubExploit
added yesterday26 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat - Remote Code Execution via Sessi...

10CVSS7.2AI score0.99945EPSS
Exploits47
GithubExploit
GithubExploit
added yesterday29 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-jms Forged DefaultExchangeHolder Filter-Bypass Reproduce...

9.8CVSS6.2AI score0.00881EPSS
Exploits2
NVD
NVD
added yesterday7 views

CVE-2026-56271

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday11 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43228

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-56260

CVE-2026-56260 affects Crawl4AI

9.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-43227

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in jupiter-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e0901ca45da110106c60f288b0166fc51c348a44569d7e7ff22af3d19deafe On import jupitersdk, the package's top-level init.py fetches a payload over HTTPS from a public IPFS gateway...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in eth-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3131490d64c4ae90de2926ca90f6fce23e6a113d1e6538db5ce98ffcf06983d1 The top-level ethagent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in metemask-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level init.py performs an outbound HTTP fetch to...

6.3AI score
Exploits0References3
GithubExploit
GithubExploit
added yesterday31 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-hazelcast Default-Instance Unsafe Deserialization Reprod...

8.1CVSS6.3AI score0.00804EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday38 views

Exploit for CVE-2026-4631

CVE-2026-4631 — Cockpit Mass Exploit Tool Unauthenticated...

9.8CVSS6.8AI score0.142EPSS
Exploits4
GithubExploit
GithubExploit
added yesterday45 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

Executive Summary The CVE-2026-20127 Defensive Companion is a...

10CVSS7.1AI score0.57793EPSS
Exploits10
Nuclei
Nuclei
added yesterday23 views

WP Content Copy Protection & No Right Click - Open Redirect

The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References2
Rows per page
Query Builder