
2139 matches found

Nuclei
added 2 hours ago, 60 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an...

CVSS 9.8 | AI score 7.1 | EPSS 0.13425
Exploits: 1 | References: 5
Nuclei
added 2 hours ago, 21 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

CVSS 6.9 | AI score 6 | EPSS 0.05597
Exploits: 1 | References: 3
GithubExploit
added 2 days ago, 53 views

nationstate-cyber-tools

NATION-STATE CYBER WEAPONS ARSENAL Live Web Page: htt...

AI score 7
Exploits: 0
Securelist
added 3 days ago, 7 views

The Gentlemen are knocking: custom backdoors and evolving tactics

Introduction: This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service (RaaS) model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

AI score 6
Exploits: 0
Tenable Nessus
added 5 days ago, 3 views

SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2026:2643-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2643-1 advisory. This update for aws-iam-authenticator fixes the following issues - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385:...

CVSS 9.6 | AI score 6.4 | EPSS 0.02737
Exploits: 1 | References: 20
SUSE Linux
added 6 days ago, 3 views

Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues CVE-2022-1996: CORS bypass bsc1200528. CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. CVE-2025-47910: net/http:...

CVSS 9.1 | AI score 5.7 | EPSS 0.02737
Exploits: 1 | References: 26
OSV
added 6 days ago, 2 views

SUSE-SU-2026:2643-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. - CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. - CVE-2025-47910: net/http:...

CVSS 9.6 | AI score 5.7 | EPSS 0.02737
Exploits: 1 | References: 14
Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-51933

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2_IOC_GROUP_ADD can trigger a BUG_ON in ocfs2_set_new_buffer_uptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:ocfs2 set...

AI score 6 | EPSS 0.00176
Exploits: 0 | References: 9
Positive Technologies
added 2026/06/24 12:0 a.m., 5 views

PT-2026-52019

In the Linux kernel, the following vulnerability has been resolved: md: fix array_state=clear sysfs deadlock When "clear" is written to array_state, md_attr_store breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, md_attr_store currently drops...

AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 4
OSV
added 2026/06/22 9:21 p.m., 4 views

GHSA-9837-48HR-Q32J Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summary: glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path ~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

CVSS 7.8 | AI score 6.6 | EPSS 0.00303
Exploits: 0 | References: 3
Github Security Blog
added 2026/06/22 9:21 p.m., 6 views

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summary: glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path ~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

CVSS 7.8 | AI score 6.6 | EPSS 0.00303
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/06/22 9:14 p.m., 2 views

GHSA-V5R2-QH84-FJX5 Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary: The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen. secure_popen is explicitly designed to interpret &&, |, and > as shell operators...

CVSS 7.8 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 3
Github Security Blog
added 2026/06/22 9:14 p.m., 9 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary: The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen. secure_popen is explicitly designed to interpret &&, |, and > as shell operators...

CVSS 7.8 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 3 | Affected Software: 1
GithubExploit
added 2026/06/21 6:52 a.m., 63 views

CVE-2026-MSIAPService

MSI Center — MSI NBFoundation Service Vulnerability Advisory...

AI score 6.2 | EPSS 0.00398
Exploits: 1
GithubExploit
added 2026/06/20 8:45 a.m., 57 views

jfp-console-poc

JFP Console PoC Tamper-evident autonomous system governor w...

AI score 6
Exploits: 0
The Hacker News
added 2026/06/19 6:33 p.m., 12 views

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is center...

AI score 6.5
Exploits: 0
GithubExploit
added 2026/06/19 12:15 p.m., 66 views

jfp-console-poc

JFP Console PoC Tamper-evident autonomous system governor w...

AI score 6
Exploits: 0
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Deny offloading of tc-based TSN features on VF interfaces. TSN features on the ENETC (taprio, cbs, gate, police) are configured through a combination of command BD ring messages and port registers: enetc_port_rd,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cgroup: Use separate source/destination nodes when preloading css_sets for migration. Each css_set is associated with its corresponding tasks. When moving tasks between css_sets during a migration, we need to keep the source and...

CVSS 7.8 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove the administratively set MAC. Currently, when PF administratively sets the MAC address of a VF and the VF is put down the VF attempts to delete all MAC addresses, the MAC address is remov...

CVSS 6.3 | AI score 6.1 | EPSS 0.00228
Exploits: 0 | References: 2