Lucene search
+L

822 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 5:41 p.m.18 views

Malicious code in pewter-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f898fe8ed95b1d549bfff91d7c0dda0f75ada1c32a58af144940cf28b23c5 On npm install, a preinstall hook in callback.js collects os.hostname, os.userInfo.username, process.cwd, the configured npm registry...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/23 7:30 a.m.20 views

CVE-2026-9294 Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack...

9CVSS0.00542EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.17 views

PT-2026-42869

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00542EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:36 p.m.13 views

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/22 5:16 p.m.16 views

CVE-2026-36227

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

6.5CVSS0.00866EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/22 12:0 a.m.13 views

CVE-2026-36227

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

0.00866EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/22 12:0 a.m.12 views

EUVD-2026-31473

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

6.5CVSS6.1AI score0.00866EPSS
Exploits1References2
CVE
CVE
added 2026/05/22 12:0 a.m.34 views

CVE-2026-36227

CVE-2026-36227 affects Easy Chat Server 3.1, specifically the UserName parameter in the registration path, where insufficient sanitization enables directory traversal that can expose sensitive data and potentially allow code execution. The available connected materials include a proof-of-concept ...

6.5CVSS6.1AI score0.00866EPSS
Exploits1References1
NVD
NVD
added 2026/05/20 4:16 a.m.14 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:27 a.m.22 views

CVE-2026-9010

The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Boost SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 8:37 p.m.15 views

MAL-2026-4758 Malicious code in nebulix-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c The package's documented NebulixEngine.chat API hardcodes two Firebase Realtime Database URLs owned by the author...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/05/18 12:45 a.m.19 views

CVE-2026-8776

Edimax BR-6428NS v1.10 is affected by CVE-2026-8776 due to a buffer overflow in POST Request Handler’s formPPTPSetup (pptpUserName). The issue can be exploited remotely; public exploit exists and exploit maturity is PROOF-OF-CONCEPT. Vendor did not respond to disclosure. CVSS metrics indicate HIG...

9CVSS7.7AI score0.00445EPSS
Exploits0References4
CVE
CVE
added 2026/05/18 12:30 a.m.30 views

CVE-2026-8775

CVE-2026-8775 affects Edimax BR-6428NS firmware 1.10. The vulnerability lies in POST Request Handler’s /goform/formL2TPSetup function (L2TPUserName argument), where improper handling leads to a buffer overflow. This may allow remote attackers to trigger the overflow without user interaction. The ...

9CVSS7.7AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 6:30 p.m.16 views

EUVD-2026-28392

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 4:16 p.m.23 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.9 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

PHPGurukul Hospital Management System 跨站脚本漏洞

PHPGurukul Hospital Management System is a hospital management system developed by PHPGurukul company, based on PHP and MySQL technologies. The PHPGurukul Hospital Management System v4.0 version has a cross-site scripting vulnerability. This vulnerability stems from the...

5.4CVSS5.6AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.36 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.28 views

PT-2026-38450

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
Rows per page
Query Builder