Lucene search
+L

10836 matches found

Snyk
Snyk
added 2026/06/01 9:0 p.m.14 views

Malicious Package

Overview nottuff22 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.14 views

Malicious Package

Overview sixseven4 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:1 p.m.15 views

Malicious code in saturn-bail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a29ae44bbeeb4d31d176d78d669615e7a508bd236620cc3724478100f9b6997 saturn-bail is a Baileys-derivative WhatsApp library that, on every makeWASocket call, schedules a 90-second timer which executes...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 9:7 a.m.19 views

Malicious code in nolimit-x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92a244ab5171edadc3082bc97d5b0834c4cfe98f2e5b6437503a30a7c1ac38aa nolimit-x ships an entirely obfuscator.io-packed runtime 45 files under.ad/, including the x0.js entrypoint with no readable source, and...

5.9AI score
Exploits0References42
OSV
OSV
added 2026/05/20 9:7 a.m.10 views

MAL-2026-4621 Malicious code in nolimit-x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92a244ab5171edadc3082bc97d5b0834c4cfe98f2e5b6437503a30a7c1ac38aa nolimit-x ships an entirely obfuscator.io-packed runtime 45 files under.ad/, including the x0.js entrypoint with no readable source, and...

5.9AI score
Exploits0References42
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loops when trying to resize the local TT. If the MTU of one of the attached interfaces becomes too small to transmit the local translation table, then it must be resized to fit within all fragments when...

5.5CVSS6AI score0.00259EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevents an error message from causing runtime problems. For some drivers that use the DMA API, this error message can occur several million times per second. This can lead to excessive use of the kernel’s printk buffe...

5.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-40020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be...

4.3CVSS6AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.10 views

SUSE CVE-2026-43435

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being factored in the spam calculation. Fix this by moving...

5.7AI score0.00121EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed...

5.5CVSS5.2AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.27 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.8 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.8AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 1:28 p.m.25 views

CVE-2026-40020

CVE-2026-40020 affects dovecot via IMAP SETACL: an attacker can inject the "anyone" permission into a user’s dovecot-acl file even when imap_acl_allow_anyone=no, causing folders to be spammed to all users. Impact is limited to spamming, not unauthorized data access. Multiple vendors have referenc...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software2
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.22 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 1:28 p.m.2 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.9AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 访问控制错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a access control vulnerability. This vulnerability stems from the IMAP SETACL command, which allows the anyone permission to be injected into the user’s...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40028

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can use the IMAP SETACL command to inject the anyone permission into a user's dovecot-acl file, bypassing the imap acl allow anyone=no configuration. This allows folders to be spammed...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References30
RedhatCVE
RedhatCVE
added 2026/05/08 11:55 p.m.11 views

CVE-2026-43435

A flaw was found in the Linux kernel's rustbinder component. The oneway spam detection logic in both TreeRange and ArrayRange was incorrectly implemented or missing, allowing large spamming transactions to go undetected. A local attacker could exploit this vulnerability to cause a Denial of Servi...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28741

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being factored in the spam calculation. Fix this by moving...

5.7AI score0.00121EPSS
Exploits0References4
Rows per page
Query Builder