Lucene search
K

1958 matches found

EUVD
EUVD
added 2026/05/06 9:31 p.m.8 views

EUVD-2026-28206

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS5.2AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-37138

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Incus is a system container and virtual machine manager. An authenticated user can provide a specially crafted image or backup tarball containing a very large YAML document. Because the software unpack...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References16
GithubExploit
GithubExploit
added 2026/05/03 12:10 p.m.121 views

Exploit for Integer Overflow or Wraparound in Zeromq Libzmq

CVE-2019-6250 — libzmq pre-auth RCE lab !CVEhttps://img.s...

9CVSS7.5AI score0.09444EPSS
Exploits2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 9:20 p.m.10 views

Malicious code in aocl-sparse-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8e60c160aa7b9d4e10282013603466f6d96ac166bb41e18ef043060b3b04745 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 8:57 p.m.33 views

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

6.5CVSS0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 8:57 p.m.7 views

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/28 6:49 a.m.7 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/04/27 11:23 a.m.10 views

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/27 5:41 a.m.7 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/27 5:38 a.m.8 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
Talos
Talos
added 2026/04/27 12:0 a.m.16 views

OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability

Talos Vulnerability Report TALOS-2026-2381 OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability April 27, 2026 CVE Number CVE-2026-35058 SUMMARY A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...

7.5CVSS6.9AI score0.00815EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 8:28 a.m.4 views

EUVD-2026-25409

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.3AI score0.00269EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.107 views

📄 Langflow 1.8.4 Traversal / Remote Code Execution

This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...

8.8CVSS5.9AI score0.31405EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-36645

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.19 OpenVPN versions 2.7 alpha1 through 2.7.1 Description A race condition occurs during the TLS handshake, specifically during TLS session promotion. This issue can be triggered by remote attackers, potential...

6.9CVSS5.5AI score0.00317EPSS
Exploits0References29
OSV
OSV
added 2026/04/23 12:0 a.m.6 views

UBUNTU-CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.2AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 9:24 a.m.9 views

SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References18
CVE
CVE
added 2026/04/21 1:42 a.m.9 views

CVE-2026-6058

CVE-2026-6058 affects Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0. An improper encoding/escaping in the CGI program can allow an adjacent WLAN attacker to cause a DoS in the web management interface by convincing an authenticated administrator to visit the AP Select page while a malformed SSID is p...

5.7CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 1:42 a.m.4 views

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

4.5CVSS5.8AI score0.00182EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/20 6:34 a.m.9 views

Malicious code in bignum-ts-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9302a5bb5d61b77b3bb20e1bc630cfc2ef2411f09200b10b9b3bdf3afbb21d11 The package bignum-ts-v2 was found to contain malicious code. Source: ghsa-malware cbe2f3378d63ab27729cde1a688d110842d5efda3b4e1e88c2eacf54161b4f0f A...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/20 6:34 a.m.11 views

Malicious Package

Overview bignum-ts-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder