7923 matches found

OSSF Malicious Packages
added 2026/04/04 10:03 p.m., 10 views

Malicious code in databaserotacos (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: kam193 04d640be20e9d2ff55f7682d535f6fd56b67b50008307c2e41986d6b31d4bfa4 During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9
OSV
added 2026/04/04 10:03 p.m., 3 views

MAL-2026-2490 Malicious code in databaserotacos (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: kam193 04d640be20e9d2ff55f7682d535f6fd56b67b50008307c2e41986d6b31d4bfa4 During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9
Github Security Blog
added 2026/04/04 6:08 a.m., 4 views

Directus: Open Redirect in Admin 2FA Setup Page

Summary: Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00256
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/04/04 6:08 a.m., 7 views

Open Redirect

Overview: directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Open Redirect via the redirect parameter on the /admin/tfa-setup page. An attacker can redirect users to an external, attacker-controlled URL...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00256
Exploits: 0, References: 2
OSV
added 2026/04/04 6:08 a.m., 5 views

GHSA-Q75C-4GMV-MG9X Directus: Open Redirect in Admin 2FA Setup Page

Summary: Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00256
Exploits: 0, References: 3
Github Security Blog
added 2026/04/03 10:03 p.m., 13 views

BentoML: Command Injection in cloud deployment setup script

Commit ce53491 (March 24) fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00315
Exploits: 1, References: 5, Affected Software: 1
Snyk
added 2026/04/03 10:03 p.m., 1 view

Command Injection

Overview: bentoml (BentoML: Build Production-Grade AI Applications). Affected versions of this package are vulnerable to Command Injection in the systempackages parameter of the deployment setup process. An attacker can execute arbitrary commands on the cloud build infrastructure by injecting...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00315
Exploits: 1, References: 2
OSV
added 2026/04/03 10:03 p.m., 2 views

GHSA-FGV4-6JR3-JGFW BentoML: Command Injection in cloud deployment setup script

Commit ce53491 (March 24) fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00315
Exploits: 2, References: 5
OSV
added 2026/04/03 9:37 p.m., 4 views

GHSA-X8HC-FQV3-7GWF Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity

Summary: According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...

CVSS: 9.4, AI score: 6, EPSS: 0.00418
Exploits: 1, References: 4
Github Security Blog
added 2026/04/03 9:37 p.m., 6 views

Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity

Summary: According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...

CVSS: 9.4, AI score: 6, EPSS: 0.00418
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2026/04/03 5:00 p.m., 4 views

CVE-2026-5352

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. It affects the function Edit of the file /setup.cgi. Manipulation of the argument pcdblist leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

CVSS: 8.8, AI score: 6.4, EPSS: 0.04123
Exploits: 1, References: 1
UbuntuCve
added 2026/04/03 4:16 p.m., 5 views

CVE-2026-23435

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86pmuenable. A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG: kernel NULL pointer dereference, address: 0000000000000198 RIP:...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00121
Exploits: 0, References: 5
OSV
added 2026/04/03 4:16 p.m., 5 views

UBUNTU-CVE-2026-23435

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86pmuenable. A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG: kernel NULL pointer dereference, address: 0000000000000198 RIP:...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00121
Exploits: 0, References: 6
OSV
added 2026/04/03 11:40 a.m., 4 views

MAL-2026-2448 Malicious code in supervisors (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: kam193 c9f99997c1443b3be7bee7a7d490d05077e1d1c48bdd801f7357881ab1a73ca0 The setup.py contains malicious code that skips execution if the system uses the Russian language. Otherwise, it downloads the URL of the next-stage payload from...

AI score: 6.2
Exploits: 0, References: 3
Positive Technologies
added 2026/04/03 12:00 a.m., 7 views

PT-2026-35771

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.22. Description: An issue exists where bootstrap setup codes are not bound to intended device roles and scopes during pairing. This allows attackers to escalate privileges beyond their intended role and scope...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00328
Exploits: 0, References: 12
Positive Technologies
added 2026/04/03 12:00 a.m., 5 views

PT-2026-30281

Commit ce53491 (March 24) fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00315
Exploits: 2, References: 5
Redos
added 2026/04/03 12:00 a.m., 4 views

ROS-20260403-73-0002

A vulnerability in the smb2sesssetup function of the fs/smb/server/smb2pdu.c module of the ksmbd component of the Linux kernel is a use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00354
Exploits: 2
ATTACKERKB
added 2026/04/02 9:52 p.m., 5 views

CVE-2022-4986

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00438
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/04/02 8:38 p.m., 4 views

Malicious code in pycolorlib3 (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: kam193 22c84d1bcfac7d68fb2db1c9610d281372db5e2ef93edb1a90903c6a6b772e6c During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9
OSV
added 2026/04/02 8:38 p.m., 3 views

MAL-2026-2433 Malicious code in pycolorlib3 (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: kam193 22c84d1bcfac7d68fb2db1c9610d281372db5e2ef93edb1a90903c6a6b772e6c During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score: 6
Exploits: 0, References: 9