Lucene search
K

1978 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/19 8:46 a.m.7 views

Malicious code in sy-editor-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cbd7c2056a09f76b9e73fbd0dae4370df9df455077146ae85b6b985b0394d4f The package sy-editor-v3 was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/04/17 11:0 a.m.8 views

Malicious Package

Overview koa-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added 2026/04/09 9:31 p.m.6 views

EUVD-2026-21009

OpenPLCV3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...

9.2CVSS5.9AI score0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 7:0 p.m.21 views

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:0 p.m.4 views

CVE-2026-35063

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS5.9AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 2:25 a.m.27 views

CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.00239EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.4 views

TencentOS Server 3: nfs-utils (TSSA-2026:0202)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0202 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5CVSS6AI score0.00462EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 11:50 p.m.6 views

GHSA-8689-GM9G-JGR6 OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering

Summary Plivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key. Impact An attacker who captured one valid signed Plivo V3 webhook could...

8.2CVSS5.9AI score0.00149EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 11:27 p.m.6 views

SUSE CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

5.5CVSS5.8AI score0.001EPSS
Exploits0References7
OSV
OSV
added 2026/03/31 8:46 a.m.7 views

CLSA-2026-1774874764 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.10 views

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

6.8CVSS5.9AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 12:31 a.m.4 views

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/26 6:29 p.m.6 views

@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +20 more potentially affected by CVE-2026-33750 via brace-expansion (>=1.1.0 <=1.1.11)

brace-expansion NPM version =1.1.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.1.1, =1.0.3-dev.20180316T104657Z.4a84a30, =1.1.0 and more Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...

7.5CVSS6.2AI score0.0043EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:32 a.m.7 views

Malicious code in @validates-sdk/v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f6dc99183ad11d3293d19966af14cd33cf7ed4ad00f3de9d6f07e5842a9234 The package @validates-sdk/v3 was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/18 12:24 p.m.5 views

MAL-2026-1588 Malicious code in @bingads-webui-help/apex.core.v3.min (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87351101634ee5726eaa0ee76ecaec8529226c993a610ea5a2d1b7521778bd5a The package @bingads-webui-help/apex.core.v3.min was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 12:10 p.m.12 views

Malicious code in test6789.v3 (NuGet)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/12 3:36 p.m.8 views

CVE-2019-25512

CVE-2019-25512 affects Jettweb PHP Hazir Haber Sitesi Scripti V3. The vulnerability is an SQL injection exploitable through the kelime parameter in POST requests, allowing UNION-based payloads to extract or modify database contents. The reports indicate a NETWORK attack vector with LOW complexity...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References2Affected Software1
ICS
ICS
added 2026/03/12 12:30 a.m.9 views

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service DoS, or potentially...

9.8CVSS6.7AI score0.47621EPSS
Exploits7References11
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system developed by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the kelime parameter, which allows for SQL injections. It coul...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.11 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the login.php administration panel,...

9.8CVSS5.9AI score0.01089EPSS
Exploits1References2
Rows per page
Query Builder