7918 matches found

Vulnrichment
added 2026/02/03 2:28 a.m., 5 views

CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could...

CVSS 6.3, AI score 5.5, EPSS 0.00144
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/02 9:53 p.m., 8 views

Malicious code in pipeline-poision-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9de6153f538cb8ccedf00f0f944128afb45f14522913cf398754fc4021f47e3e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.6
Exploits: 0, References: 1
RedHat Linux
added 2026/02/02 10:10 a.m., 8 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps(). Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

AI score 5.7, EPSS 0.00167
Exploits: 0, References: 5
CVE
added 2026/02/02 2:32 a.m., 19 views

CVE-2026-1740

CVE-2026-1740 affects EFM ipTIME A8004T 14.18.2; the flaw is in httpcon_check_session_url inside /cgi/timepro.cgi in the Hidden login/setup interface, enabling remote improper authentication. Exploits are public per the sources; vendor did not respond to disclosure. Mitigation noted in PT-2026-55...

CVSS 9.8, AI score 6.7, EPSS 0.00478
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/02/02 12:00 a.m., 8 views

PT-2026-5599

Name of the Vulnerable Software and Affected Versions: EFM ipTIME A8004T version 14.18.2. Description: A flaw exists in the authentication process of the EFM ipTIME A8004T router. This issue stems from improper authentication within the httpcon_check_session_url function, located in the...

CVSS 7.5, AI score 7, EPSS 0.00478
Exploits: 0, References: 10
OSSF Malicious Packages
added 2026/02/01 7:14 p.m., 10 views

Malicious code in base-local-planner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0cb640a181ee8e6c31d4f0f87e8768b7a67b70174dd65794e8d980909eac8a3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/01 7:06 p.m., 8 views

Malicious code in genvia-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11 During installation, the package attempts to exfiltrate specific sensitive environment variables. --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 6.1
Exploits: 0, References: 1
OSV
added 2026/02/01 7:06 p.m., 6 views

MAL-2026-622 Malicious code in genvia-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11 During installation, the package attempts to exfiltrate specific sensitive environment variables. --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 6.1
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/01 10:15 a.m., 8 views

Malicious code in wandb-widget (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 055598effefa8c10844b4dd82763ed5786623a04789583ed67d9a32e9342d45c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/02/01 10:15 a.m., 5 views

MAL-2026-620 Malicious code in wandb-widget (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 055598effefa8c10844b4dd82763ed5786623a04789583ed67d9a32e9342d45c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
GithubExploit
added 2026/02/01 3:41 a.m., 199 views

nightfury

NightFury Framework Version 2.0 | Professional Red Team Ope...

AI score 5.9
Exploits: 0
OSSF Malicious Packages
added 2026/01/30 10:14 a.m., 11 views

Malicious code in userver-requires-at-least-python-3-10 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 482925eb73388f3c834ceef6db5714f819970521367f7129878e38afbaa08bf0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/01/30 10:14 a.m., 6 views

MAL-2026-606 Malicious code in userver-requires-at-least-python-3-10 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 482925eb73388f3c834ceef6db5714f819970521367f7129878e38afbaa08bf0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
RedhatCVE
added 2026/01/29 3:18 p.m., 16 views

CVE-2025-59891

Cross-Site Request Forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVSS 8.5, AI score 5.9, EPSS 0.00127
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/01/29 1:50 p.m., 8 views

Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/01/29 1:50 p.m., 9 views

MAL-2026-604 Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/01/28 4:28 p.m., 6 views

MAL-2026-590 Malicious code in pytorch-mutex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4959fc9ffb04b2e53d068fa3e6564a21dd3bd4b6374324416a643c3e58ebe330 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
NVD
added 2026/01/28 12:15 p.m., 5 views

CVE-2025-59891

Cross-Site Request Forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVSS 8.5, EPSS 0.00127
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/28 11:52 a.m., 6 views

CVE-2025-59891

Cross-Site Request Forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVSS 8.5, AI score 5.9, EPSS 0.00127
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2026/01/28 11:52 a.m., 10 views

CVE-2025-59891

CVE-2025-59891 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The root cause is lack of proper CSRF token handling, enabling an authenticated attacker to coerce other users to perform actions in the app (e.g., via POST to /setup_login?...

CVSS 8.5, AI score 5.9, EPSS 0.00127
Exploits: 0, References: 1, Affected Software: 2