Lucene search
K

1338614 matches found

BDU FSTEC
BDU FSTEC
added yesterday24 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday10 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00625EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday20 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday14 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday12 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02593EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added yesterday12 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday14 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added yesterday16 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday8 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc334bd438168239b92c3ca3bbaaeeeab56e9b325efa8e7be20ef87356e4f638 When using the library, it schedules a delayed malware activation. Malicious code contacts remote URLs to get C2 location, then performs machine fingerprinting...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in vuln-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8bd105bf3b12062f312b41f2a1eead5e8481f8d3749fc78bc79ed8675c11394 On npm install, the package's preinstall script triggers a DNS lookup to a unique subdomain of oast.fun fabekzbnjtufpffkzzmvjvi5eafhny3ok.oast.fun, a...

6.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in nullrift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ebce322ac712405bfd29254cbd8f820c20ddc083587693a982b75ef6f3039a Package advertises itself as an SVG fetcher/sanitizer but its main module also exports an undocumented getPlugin function. The returned function...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday8 views

Malicious code in chain-await-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7412987df7a746c9128ca807cbd2222b340e3b4f8397620348fc62606a0f2b5 The package's declared main entry index.js exports a factory check that spawns a detached, unreferenced Node child process running lib/vcall.js, then...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in react-dom-v17 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f55f6e35ab09a2fcd6521dac51aa4baa4cfa726958bc266a0d56fc14de240a29 Package name impersonates the widely-used react-dom package react-dom-v17. package.json declares preinstall: node index.js, which fires automatically...

6.3AI score
Exploits0References1
GithubExploit
GithubExploit
added yesterday21 views

web-management-server-compromise-assessment

Web Management Server Compromise Assessment AMN SECUR...

7.8CVSS7.1AI score0.00383EPSS
Exploits7
GithubExploit
GithubExploit
added yesterday16 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Vm2_Project Vm2

CVE-2023-29017 | vm2 Sandbox Escape를 통한 원격 코드 실행 WHS 4기 31...

10CVSS7.1AI score0.63186EPSS
Exploits2
GithubExploit
GithubExploit
added yesterday22 views

Exploit for Code Injection in Apache Nifi

CVE-2023-34468 — Apache NiFi ExecuteSQL H2 RUNSCRIPT RCE PoC...

8.8CVSS7.2AI score0.63633EPSS
Exploits10
NVD
NVD
added yesterday6 views

CVE-2026-10667

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS
Exploits0References2
Rows per page
Query Builder