Lucene search
K

288 matches found

Metasploit
Metasploit
added 5 days ago23 views

FTP Fetch, Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...

6.2AI score
Exploits0
OSV
OSV
added 2026/06/26 7:1 p.m.8 views

MAL-2026-6535 Malicious code in disksweep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...

5.8AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/06/18 3:43 a.m.34 views

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

In this article 1. Attack chain overview 1. Discovery and initial indicators 2. Dependency injection: the poisoned package.json 3. Typosquat analysis: easy-day-js 4. Staged delivery pattern 5. Obfuscation and payload analysis 6. TLS bypass to self-deletion 7. Timeline analysis 2. Who is Sapphire...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.13 views

CVE-2026-42809

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.3AI score0.00355EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/31 9:0 p.m.12 views

Malicious Package

Overview @car-loans/desktop-car-loans-application is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

9.8CVSS5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/23 4:35 p.m.29 views

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear stagedconfig before and after it is used. As a temporary storage, stagedconfig in rdtdomain should be cleared before and after it is used. The stale value in stagedconfig could cause an MSR access error. Here i...

5.5CVSS5.3AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.10 views

Malicious Package

Overview period-newline is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.14 views

Malicious Package

Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.9 views

Malicious Package

Overview redeem-onchain-sdk is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection betwee...

9.8CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.15 views

Apache Polaris has an Improper Input Validation Issue

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.7AI score0.00355EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/04 5:28 p.m.11 views

Missing Authorization

Overview org.apache.polaris:polaris-runtime-service is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this...

9.9CVSS6AI score0.00355EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 p.m.14 views

CVE-2026-42809

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 4:22 p.m.34 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS0.00355EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:22 p.m.9 views

CVE-2026-42809

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 4:22 p.m.13 views

EUVD-2026-27033

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 4:22 p.m.28 views

CVE-2026-42809

Apache Polaris is affected via the staged-create path where an authenticated, low-privilege user can supply a custom location during stage create and request credential vending. Polaris issues broad temporary (vended) storage credentials tied to that location before normal validation and overlap ...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 4:22 p.m.11 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 4:22 p.m.5 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.4CVSS5.9AI score0.00355EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 2:14 p.m.11 views

EUVD-2026-26550

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100allocrings allocates rxskbs, txskbs, rxdes, txdes, and rxscratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated...

5.8AI score0.00123EPSS
Exploits0References8
Rows per page
Query Builder