Lucene search
K

4415 matches found

Nuclei
Nuclei
added 15 hours ago50 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.1AI score0.1755EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
OSV
OSV
added yesterday4 views

MAL-2026-10591 Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
OSV
OSV
added yesterday4 views

MAL-2026-10558 Malicious code in akshajrawat.utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...

6.1AI score
Exploits0References3
OSV
OSV
added yesterday4 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday9 views

Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in eth-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13895e2e8ee4aa9683c2fd6f0f873a38b19bbc5af207233e22c51668bc7dba41 Package [email protected] impersonates @ethereumjs/util / ethereumjs-util README, author list, repository URL, and source tree copied from the...

6.1AI score
Exploits0References4
OSV
OSV
added 2 days ago4 views

MAL-2026-10499 Malicious code in eth-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13895e2e8ee4aa9683c2fd6f0f873a38b19bbc5af207233e22c51668bc7dba41 Package [email protected] impersonates @ethereumjs/util / ethereumjs-util README, author list, repository URL, and source tree copied from the...

6.1AI score
Exploits0References4
Rockylinux
Rockylinux
added 2 days ago4 views

maven:3.9 security update

An update is available for module.maven, apache-commons-io, slf4j, apache-commons-codec, jsr-305, plexus-containers, guava, httpcomponents-client, module.sisu, module.plexus-classworlds, plexus-interpolation, aopalliance, module.httpcomponents-core, module.apache-commons-io, atinject, google-guic...

8.8CVSS6.1AI score0.00663EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2 days ago7 views

Important: Red Hat Security Advisory: plexus-utils security update

An update for plexus-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References2
OSV
OSV
added 2 days ago2 views

RHSA-2026:38514 Red Hat Security Advisory: plexus-utils security update

Bulletin has no description...

8.3CVSS6.1AI score0.00663EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2 days ago7 views

Important: Red Hat Security Advisory: plexus-utils security update

An update for plexus-utils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2 days ago3 views

Important: maven:3.9 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Travers...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15326

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS0.00364EPSS
Exploits0References6
OSV
OSV
added 5 days ago2 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.8AI score0.00364EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/08 6:28 p.m.4 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00527EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 1:15 p.m.6 views

EUVD-2026-42234

A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.01067EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 1:15 p.m.34 views

CVE-2026-15033 christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection

A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...

6.5CVSS0.01067EPSS
Exploits0References6
Rows per page
Query Builder