Lucene search
+L

38707 matches found

thn
thn
added 2026/06/18 1:58 p.m.21 views

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a...

5.7AI score
Exploits0
github
github
added 2026/06/16 7:0 p.m.10 views

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

Impact A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public...

6.4CVSS5.4AI score0.00259EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/06/15 2:36 p.m.10 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References2
thn
thn
added 2026/06/15 6:17 a.m.24 views

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 CVSS score: 7.8, an authentication bypass flaw...

9.1CVSS6.1AI score0.86678EPSS
Exploits11
nessus
nessus
added 2026/06/15 12:0 a.m.10 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
thn
thn
added 2026/06/12 6:59 p.m.19 views

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence AI agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service...

5.8AI score
Exploits0
osv
osv
added 2026/06/12 2:16 p.m.2 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.9AI score
Exploits0References4
githubexploit
githubexploit
added 2026/06/12 1:11 p.m.99 views

Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
githubexploit
githubexploit
added 2026/06/11 11:0 p.m.75 views

RISC-V-In-Proactive-computer-Security-PCS-

Exploring RISC-V in Proactive Computer Security PCS PUK pro...

5.4AI score
Exploits0
githubexploit
githubexploit
added 2026/06/11 11:0 p.m.78 views

RISC-V-In-Proactive-computer-Security-PCS

Exploring RISC-V in Proactive Computer Security PCS PUK pro...

5.4AI score
Exploits0
thn
thn
added 2026/06/11 6:23 a.m.23 views

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

6.6AI score
Exploits0
nessus
nessus
added 2026/06/11 12:0 a.m.10 views

FreeBSD : Erlang/OTP -- FTP passive-mode client does not validate server response IP (d87e0681-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e0681-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passiv...

6.5CVSS5.5AI score0.00234EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/11 12:0 a.m.30 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

8.2CVSS5.5AI score0.00352EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/11 12:0 a.m.24 views

Kong Gateway Enterprise 环境问题漏洞

Kong Gateway Enterprise is an enterprise-level API gateway platform developed by Kong Corporation. Versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 of Kong Gateway Enterprise contain environmental issues vulnerabilities. These vulnerabilities stem from defects in the HTTP request processing pipelin...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 8:6 p.m.11 views

EUVD-2026-36119

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 8:59 a.m.18 views

CVE-2026-46749

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

9.8CVSS5.3AI score0.00121EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/10 12:0 a.m.9 views

Categorical Robustness Assessment for Machine Learning Based Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS heavily utlize Machine Learning ML but ML models can be manipulated via adversarial attacks. These attacks add carefully crafted perturbations to network traffic data that leads to misclassifications. While prior work has demonstrated adversarial...

5.3AI score
Exploits0
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.15 views

Shopware 安全漏洞

Shopware is a set of open-source e-commerce software developed by the German company Shopware. Versions prior to Shopware 6.6.10.18 and 6.7.10.1 contained security vulnerabilities. These vulnerabilities stemmed from scheduled attacks that could allow attackers to enumerate the usernames of...

3.7CVSS5.3AI score0.00223EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.18 views

VMware Spring for Apache Pulsar 代码问题漏洞

VMware Spring for Apache Pulsar is a Pulsar messaging integration framework developed by the company VMware. Versions of VMware Spring for Apache Pulsar such as 2.0.0, 1.2.0, and 1.1.0 have code vulnerabilities. These vulnerabilities stem from the use of JsonPulsarHeaderMapper to check header typ...

8.1CVSS5.7AI score0.00347EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/06/10 12:0 a.m.31 views

Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security

Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...

5.7AI score
Exploits0
Rows per page
Query Builder