Lucene search
K

1063 matches found

OSV
OSV
added 2026/03/24 12:48 p.m.11 views

MAL-2026-2130 Malicious code in fancode-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...

5.8AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/23 3:41 p.m.8 views

FriendlyDealer mimics official app stores to push unvetted gambling apps

We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app. We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/18 4:16 p.m.146 views

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/18 1:4 p.m.4 views

MAL-2026-1825 Malicious code in proleis-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:4 p.m.13 views

Malicious code in proleis-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:12 a.m.2 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25671

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25673

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS5.8AI score0.00133EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/14 1:20 a.m.5 views

Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.8AI score0.00161EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/12 2:4 p.m.4 views

SUSE CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 10:4 p.m.34 views

CVE-2026-3935

CVE-2026-3935 affects Google Chrome/Chromium on multiple platforms due to an incorrect security UI in WebAppInstalls, enabling UI spoofing via a crafted HTML page. Affected versions before 146.0.7680.71 (Chrome/Chromium upstream) are susceptible; fixes are delivered in Chromium 146.0.7680.71 and ...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 10:4 p.m.7 views

CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00161EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.1 views

PT-2026-24882

CVE-2026-3935 Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium secu… https://t.co/HGxaJ6tckB...

4.3CVSS5.8AI score0.00161EPSS
Exploits0References6
NVD
NVD
added 2026/03/09 9:16 p.m.13 views

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

9.6CVSS0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/09 8:50 p.m.4 views

CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References1
CVE
CVE
added 2026/03/09 8:50 p.m.17 views

CVE-2026-30240

Budibase PWA ZIP upload path traversal (CVE-2026-30240) affects Budibase 3.31.5 and earlier. Affected component: PWA ZIP processing endpoint at POST /api/pwa/process-zip. Root cause: unsanitized usage of path.join() with user-controlled input from icons.json inside the uploaded ZIP allowing an au...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.5 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.5 and earlier have a security vulnerability caused by a path traversal issue in the PWA ZIP processing...

9.6CVSS5.8AI score0.00267EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2026-28405

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.7AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/06 2:11 p.m.5 views

Malicious Package

Overview dc-web-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder