Lucene search
K

25 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:31 p.m.13 views

Malicious code in node-vfs-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...

5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 8:26 p.m.5 views

CVE-2026-4433

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

4.8CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/07 4:28 p.m.1 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS5.7AI score0.00401EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/12/18 5:28 a.m.4 views

CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

6.7CVSS6.3AI score0.00081EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 9:16 p.m.6 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS0.00366EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/05 12:0 a.m.22 views

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

0.00608EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6125

Malware in sbrugna...

7.5CVSS7.5AI score0.02361EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-50890

Malicious code in bioql PyPI...

6.2CVSS5.8AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.13 views

CVE-2022-46025

Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...

9.1CVSS7AI score0.01134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.8 views

CVE-2020-13918

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...

7.5CVSS6.9AI score0.02361EPSS
Exploits0
NVD
NVD
added 2023/11/20 12:15 p.m.13 views

CVE-2023-46705

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...

6.2CVSS0.0021EPSS
Exploits0References1
Prion
Prion
added 2023/11/20 12:15 p.m.18 views

Type confusion

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...

1.7CVSS6.7AI score0.0021EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/20 11:46 a.m.17 views

CVE-2023-46705 Arkruntime has a type confusion vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...

6.2CVSS6.3AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/20 11:46 a.m.16 views

CVE-2023-46705 Arkruntime has a type confusion vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...

6.2CVSS6.5AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/20 12:0 a.m.5 views

PT-2023-30167 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.2.2 Description: The issue allows a local attacker to cause a system information leak through type confusion. Recommendations: For OpenHarmony versions prior to 3.2.2, at the moment, there is no information abo...

6.2CVSS6.6AI score0.0021EPSS
Exploits0References3
OSV
OSV
added 2023/10/05 10:15 p.m.5 views

CVE-2023-44213

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 35739, Acronis Cyber Protect 16 Windows before build 37391...

5.5CVSS5.8AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2552

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...

5.3CVSS5.8AI score0.08415EPSS
Exploits5References2
Prion
Prion
added 2020/07/28 3:15 p.m.16 views

Improper access control

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...

5CVSS7.5AI score0.02361EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/28 2:46 p.m.24 views

CVE-2020-13918

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...

7.5AI score0.02361EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/15 12:0 a.m.4 views

File Read Vulnerability in ZTE Color Ring Business System

ZTE's ringtone system inherits the stable system architecture of the mobile smart network, follows the latest specifications of operators, and provides flexible interfaces and rich new service functions. A file read vulnerability exists in the ZTE Color Ring service system, which can be exploited...

6.9AI score
Exploits0
Rows per page
Query Builder