Lucene search

48 matches found

Snyk
added last week | 6 views

Malicious Package

Overview: @service-user-notifications/setrefreshinterval is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
OSSF Malicious Packages
added last week | 6 views

Malicious code in @service-user-notifications/set_refresh_interval (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b13124f8eaabc2481894f69a70d43e10c28911bd5e2ef7e23716ae26b1113f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 | References: 1
OSV
added last week | 4 views

MAL-2026-4857 Malicious code in @service-user-notifications/reset_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d12701905c6e59f7189850ce7624f64dfcf3201ff6505294ff2030f1f9e147a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/19 9:9 p.m. | 3 views

CVE-2026-34241 CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered...

8.7 CVSS | 6 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/05/19 9:9 p.m. | 22 views

CVE-2026-34241 CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered...

8.7 CVSS | 0.00037 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/12 6:30 p.m. | 5 views

EUVD-2026-29733

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions: Devolutions Server 2026.1.6.0 through...

5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/03/11 10:40 p.m. | 1 views

Authorization Bypass Through User-Controlled Key

Overview: studiocms is a community-driven Astro native CMS, built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the updateUserNotifications handler in...

5.4 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/11 8:9 p.m. | 0 views

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

5.4 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 1 | References: 1
OSV
added 2026/02/09 11:16 p.m. | 1 views

CVE-2025-15318

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools...

6 CVSS | 5.9 AI score
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/09 10:56 p.m. | 1 views

CVE-2025-15318

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools...

5.5 CVSS | 5.6 AI score | 0.00012 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/02/09 10:56 p.m. | 3 views

CVE-2025-15318

CVE-2025-15318 concerns an arbitrary file deletion vulnerability in Tanium End-User Notifications Endpoint Tools. The public records indicate Tanium addressed the issue, with referenced advisories (e.g., TAN-2025-017) and CVSS metrics showing LOCAL attacker, high impact on integrity and availabil...

6 CVSS | 5.6 AI score | 0.00012 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/09 10:56 p.m. | 23 views

CVE-2025-15318 Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools...

5.5 CVSS | 0.00012 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/09 10:56 p.m. | 1 views

CVE-2025-15318 Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools...

5.5 CVSS | 5.6 AI score | 0.00012 EPSS
Exploits: 0 | References: 1
Veracode
added 2026/02/03 8:25 a.m. | 3 views

Improper Access Control

weblate is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks in the API, which allows an attacker to retrieve user notification settings or enumerate all users...

4.3 CVSS | 5.5 AI score | 0.00012 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/07 9:32 a.m. | 3 views

CVE-2019-16181

In Limesurvey before 3.17.14, admin users can mark other users' notifications as read...

4 CVSS | 6.9 AI score | 0.00225 EPSS
Exploits: 0 | References: 1
PyPA
added 2025/12/16 1:15 a.m. | 7 views

PYSEC-2025-233

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-7403

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.00365 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-6344

Malware in sbrugna...

7.8 CVSS | 7.6 AI score | 0.00132 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-1196

Malicious code in bioql PyPI...

5.4 CVSS | 5.6 AI score | 0.00055 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-34115

Malicious code in bioql PyPI...

6.1 CVSS | 8.7 AI score | 0.01989 EPSS
Exploits: 0 | References: 2