Lucene search
K

2202233 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
NVD
NVD
added 25 minutes ago2 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS
Exploits0References1
NVD
NVD
added 25 minutes ago2 views

CVE-2026-12512

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

Exploits0References1
Cvelist
Cvelist
added 42 minutes ago3 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

Exploits0References1
CVE
CVE
added 42 minutes ago3 views

CVE-2026-12512

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

6.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 1 hour ago5 views

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access SMA 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 CVSS score: 10.0 - A Server-side...

10CVSS7.2AI score
Exploits2
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 1 hour ago4 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References2
CVE
CVE
added 1 hour ago5 views

CVE-2026-42936

The CVE-2026-42936 entry concerns the HYPER SBI 2 installer, which insecurely loads Dynamic Link Libraries. A local attacker can place a crafted DLL in the installer’s directory, enabling arbitrary code execution with the invoking user’s privileges during installation. The documented impact is hi...

8.4CVSS7.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 1 hour ago7 views

Exploit for CVE-2025-60357

CVE-2025-60357- NoSQLMongoDB Injection Vulnerab...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago5 views

Malicious code in monogrok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3369fb16804682addfec56904223d0255c2a0ca6d35481e744221e8252f2000d Package publishes as a generic 'M!T' library with an unrelated Apache-license README, but the tarball contains an offensive spam / phishing /...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago5 views

Malicious code in core-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad83962ee4db02c1bf43558ed5fe6bf79f66754b070415223d29643a8ff754e core-dotenv presents itself as a dotenv/env-var wrapper. On calling the package's config or get, which lazily invokes config, a worker plugin.worker....

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago4 views

Malicious code in estore-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f5f2a664c7576b3cbf04696ddff717d8b3e9b835693035fa56a23035edef411 package.json declares a preinstall lifecycle script that runs wget against https://webhook.site/d32804ac-1bbb-4100-ab60-95231dd3251c/, sending the...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago5 views

Malicious code in data-proxy-for-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2 Package distributes as data-proxy-for-test while copying the identity author Sergey Parfenyuk, homepage/source pointing at...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago4 views

Malicious code in ethereum-input-decorder (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in polygon-toolkit-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f56f0404b5e3f35ed475dae417f9351d4d149e163598eb72380fb6c025099e12 The package presents itself as a web3/polygon validator but its exported API silently relays caller-supplied data and generated cryptographic materia...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in @leviosa86com/leviosa86-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in leviosa86-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46b0bed6337ffe527af2615fed8ae1ecbb449f6a6cb00afa6381f7811ec88956 [email protected] ships src/poc/index.js which uses childprocess.exec to run a shell pipeline that collects host reconnaissance data hostname,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago4 views

Malicious code in ai-pro-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b035f137addcf0118c3d042ece322d0fdde054e4ed283317d3b2adb309e38689 [email protected] is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json...

6.1AI score
Exploits0References2
NVD
NVD
added 4 hours ago6 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS
Exploits0References1
Rows per page
Query Builder