Lucene search
K

6143 matches found

CVE
CVE
added 2026/03/04 12:0 a.m.15 views

CVE-2026-26673

CVE-2026-26673 describes a denial-of-service risk in several DJI devices—the DJI Enhanced-WiFi transmission subsystem in models including Mavic Mini, Spark, Mavic Air, Mini, and Mini SE (versions 0.1.00.0500 and earlier). The Red Hat, CIRCL, ENISA, NVD, and CVE listings in the Connected Documents...

7.5CVSS6AI score0.00372EPSS
Exploits1References1Affected Software1
Apple
Apple
added 2026/03/04 12:0 a.m.15 views

Apple Security Update: iOS 26.3.1 and iPadOS 26.3.1

Apple recommends to install security update iOS 26.3.1 and iPadOS 26.3.1 on devices iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later...

5.8AI score
Exploits0References1Affected Software2
Wired Threat Level
Wired Threat Level
added 2026/03/01 5:47 p.m.4 views

The 5 Big ‘Known Unknowns’ of Donald Trump’s New War With Iran

The all-out air assault on the Islamic Republic might be the biggest gamble of the president’s career...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 12:43 p.m.9 views

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control C2 communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. T...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 5:59 p.m.15 views

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...

10CVSS7.2AI score0.99562EPSS
Exploits375
Trellix
Trellix
added 2026/02/17 12:0 a.m.10 views

Technical Deep Dive: The Monero Mining Campaign

Technical Deep Dive: The Monero Mining Campaign By Aswath A · February 17, 2026 Executive summary In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. This report...

7.8CVSS8.2AI score0.00605EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/02/17 12:0 a.m.5 views

Bluetooth RFCOMM 1.1 Signal-Triggered Air-Gap Interaction

This project demonstrates how Flipper Zero can be used to interact with devices in an Air-Gap context using Bluetooth RFCOMM signals. The system monitors RSSI signal strength and uses statistical peak detection Z-Score analysis to identify significant signal spikes from target devices. When a pea...

5.5AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2026/02/16 12:0 a.m.16 views

Update your browser: Security fix for Chrome zero-day CVE-2026-2441

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-2441 Share February 16th, 2026 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, Opera Neon, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2026-2441. We...

8.8CVSS7.3AI score0.2202EPSS
Exploits16References1
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
NVD
NVD
added 2026/02/12 10:16 p.m.7 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS0.0041EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.9 views

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.5 views

Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6.4AI score0.0041EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:11 p.m.29 views

CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS0.004EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:11 p.m.4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/12 9:11 p.m.14 views

CVE-2026-26056

CVE-2026-26056 affects Yoke ATC in 0.19.0 and earlier. A vulnerability in the ATC controller allows users with create/update permissions to inject a malicious URL via the overrides.yoke.cd/flight annotation, causing the ATC controller to download and execute an arbitrary WASM module without prope...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:7 p.m.25 views

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS0.0041EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:7 p.m.3 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

yoke 访问控制错误漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.9 views

yoke 代码注入漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

8.8CVSS6.2AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder