
7924 matches found

OSSF Malicious Packages
added 2026/01/26 7:50 p.m., 9 views

Malicious code in radishwxm5 (PyPI)

Per source details. Source: kam193, 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...

AI score 6
Exploits 0, References 1
OSV
added 2026/01/26 7:50 p.m., 8 views

MAL-2026-510 Malicious code in radishwxm5 (PyPI)

Per source details. Source: kam193, 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...

AI score 6
Exploits 0, References 1
RedhatCVE
added 2026/01/26 3:10 p.m., 6 views

CVE-2026-24421

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user, regardless of their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.9, EPSS 0.01734
Exploits 3, References 1
Positive Technologies
added 2026/01/26 12:00 a.m., 8 views

PT-2026-4834

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

CVSS 8.7, AI score 5.9, EPSS 0.01566
Exploits 1, References 2
OSV
added 2026/01/25 11:13 a.m., 8 views

MAL-2026-505 Malicious code in flask-hookserver (PyPI)

Per source details. Source: kam193, 4d5afd1538994efa55632d3ed6d7c9fa419fb26c542b641a3efbd7b35501ea58. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...

AI score 5.9
Exploits 0, References 1
OSSF Malicious Packages
added 2026/01/25 10:08 a.m., 12 views

Malicious code in test-poc-package-for-session (PyPI)

Per source details. Source: kam193, 9f768feb5a11add4d0ac64d8f24777461d3586e719a57d4432711ee6aae4f112. Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. Category:...

AI score 5.8
Exploits 0, References 1
OSV
added 2026/01/25 10:08 a.m., 8 views

MAL-2026-502 Malicious code in test-poc-package-for-session (PyPI)

Per source details. Source: kam193, 9f768feb5a11add4d0ac64d8f24777461d3586e719a57d4432711ee6aae4f112. Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. Category:...

AI score 5.8
Exploits 0, References 1
OSV
added 2026/01/25 10:04 a.m., 9 views

MAL-2026-503 Malicious code in test-poc-package-for-session-2 (PyPI)

Per source details. Source: kam193, 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20. Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. Category:...

AI score 5.8
Exploits 0, References 1
OSSF Malicious Packages
added 2026/01/25 10:04 a.m., 12 views

Malicious code in test-poc-package-for-session-2 (PyPI)

Per source details. Source: kam193, 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20. Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. Category:...

AI score 5.8
Exploits 0, References 1
EUVD
added 2026/01/24 1:43 a.m., 6 views

EUVD-2026-4258

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user, regardless of their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.6, EPSS 0.01734
Exploits 3, References 2
ATTACKERKB
added 2026/01/24 1:43 a.m., 5 views

CVE-2026-24421

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user, regardless of their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.9, EPSS 0.01734
Exploits 3, References 2, Affected Software 1
Vulnrichment
added 2026/01/24 1:43 a.m., 5 views

CVE-2026-24421 phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user, regardless of their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.9, EPSS 0.01734
Exploits 3, References 1
OSV
added 2026/01/24 1:43 a.m., 3 views

CVE-2026-24421 phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user, regardless of their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.8, EPSS 0.01734
Exploits 3, References 3
CVE
added 2026/01/24 1:43 a.m., 28 views

CVE-2026-24421

Summary: CVE-2026-24421 affects phpMyFAQ before 4.0.17. Versions 4.0.16 and earlier have flawed authorization logic that exposes the /api/setup/backup endpoint to any authenticated user. The code uses userIsAuthenticated() without verifying configuration/admin permissions, allowing non-admin user...

CVSS 6.5, AI score 5.6, EPSS 0.01734
Exploits 3, References 1, Affected Software 1
Snyk
added 2026/01/23 8:17 p.m., 6 views

Improper Authorization

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Authorization via the backup endpoint in the setup API. An attacker can access sensitive configuration backups by sending authenticated request...

CVSS 7.1, AI score 5.5, EPSS 0.01734
Exploits 3, References 2
OSV
added 2026/01/23 8:17 p.m., 5 views

GHSA-WM8H-26FV-MG7G phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

Summary: Authenticated non-admin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. Details: SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5, AI score 5.5, EPSS 0.01734
Exploits 3, References 3
OSV
added 2026/01/23 4:15 p.m., 6 views

AZL-78473 CVE-2026-22992 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done(). Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

CVSS 7.5, AI score 5.8, EPSS 0.00268
Exploits 0, References 1
OSV
added 2026/01/23 4:15 p.m., 3 views

UBUNTU-CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done(). Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

CVSS 7.5, AI score 5.8, EPSS 0.00268
Exploits 0, References 27
Cvelist
added 2026/01/23 3:24 p.m., 28 views

CVE-2026-22992 libceph: return the handler error from mon_handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done(). Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

CVSS 7.5, EPSS 0.00268
Exploits 0, References 6
Tenable Nessus
added 2026/01/23 12:00 a.m., 6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004888)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004888 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt(). setup_base_ctxt() allocates a memory chunk for...

CVSS 5.5, AI score 7, EPSS 0.00204
Exploits 0, References 4