Lucene search
K

6413 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.14 views

Malicious code in getui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 7:24 p.m.9 views

CVE-2026-47906 Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS6.2AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:24 p.m.12 views

EUVD-2026-35803

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS6.2AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 7:24 p.m.41 views

CVE-2026-47906 Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

8.6CVSS0.00177EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.24 views

Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:21 a.m.8 views

CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48223

Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions 21.7 and earlier Description A dependency on a vulnerable third-party component allows for arbitrary code execution in the context of the current user. This issue requires user interaction, specifically the opening...

8.6CVSS6.1AI score0.00177EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Dreamweaver Desktop 安全漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier have security vulnerabilities. These vulnerabilities stem from reliance on vulnerable third-party components, whic...

8.6CVSS5.9AI score0.00177EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability th...

8.6CVSS6.5AI score0.00177EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62)

The version of Adobe Dreamweaver installed on the remote Windows host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability...

8.6CVSS6.5AI score0.00177EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/08 4:34 p.m.14 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 10:16 a.m.22 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/08 9:30 a.m.8 views

CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:30 a.m.8 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/08 9:30 a.m.13 views

EUVD-2026-35037

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
CVE
CVE
added 2026/06/08 9:30 a.m.34 views

CVE-2026-11502

CVE-2026-11502 affects JeecgBoot up to 3.9.2. The vulnerability is in the function HttpServletResponse.sendRedirect used by the Third-Party Login flow, specifically in ThirdLoginController.java, where manipulation of the argument state enables an open redirect. The issue can be triggered remotely...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/08 9:30 a.m.45 views

CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
OSV
OSV
added 2026/06/08 9:30 a.m.4 views

CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

2.3CVSS5.2AI score0.0025EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.22 views

PT-2026-47264

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References8
Rows per page
Query Builder