Lucene search
K

1974 matches found

The Hacker News
The Hacker News
added 2026/07/06 8:13 a.m.11 views

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan RAT called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service MaaS model, costing anywhere between...

6.3AI score
Exploits0
Fedora
Fedora
added 2026/07/03 1:9 a.m.8 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.48.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

9.9CVSS6.7AI score0.00632EPSS
Exploits6
Fedora
Fedora
added 2026/07/03 12:56 a.m.8 views

[SECURITY] Fedora 44 Update: cpp-httplib-0.48.0-1.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

9.9CVSS7.1AI score0.00632EPSS
Exploits5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.7 views

Malicious code in ulid-xyz (npm)

ulid-xyz is a typosquat of the popular ulid library sortable unique IDs and is a cross-platform Remote Access Trojan delivered via a postinstall hook. The package.json postinstall superficially looks like an inline node -e guard that checks for the existence of a dist file, but it actually launch...

6AI score
Exploits0References9
Fedora
Fedora
added 2026/06/28 1:10 a.m.9 views

[SECURITY] Fedora 43 Update: moby-engine-29.6.0-1.fc43

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

9.1CVSS6.3AI score0.00533EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:5 p.m.5 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.9AI score0.00401EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/06/25 6:4 p.m.5 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.5AI score0.00303EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:3 p.m.5 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:2 p.m.5 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:0 p.m.5 views

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0
Circl
Circl
added 2026/06/18 5:0 p.m.11 views

CVE-2026-54103

creationtimestamp| type| source ---|---|--- 2026-06-18 17:00:14+00:00| seen| https://infosec.exchange/users/offseq/statuses/116772176604613913 2026-06-18 17:00:14+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3molci2fbib2u 2026-06-18 17:52:23+00:00| seen|...

9.8CVSS4.9AI score0.00427EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/17 7:38 a.m.29 views

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace "@mastra/", a popular open-source JavaScript and TypeScript framework for building artificial intelligence AI applications, have been compromised as part of a software supply chain attack codenamed easy-day-js , per findings from...

6AI score
Exploits0
OSV
OSV
added 2026/06/17 4:18 a.m.13 views

MAL-2026-5973 Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 3:2 a.m.17 views

Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

5.3AI score
Exploits0References2
OSV
OSV
added 2026/06/15 8:8 p.m.10 views

MAL-2026-5827 Malicious code in index-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5acad250c58c9c27804a14b640d17438998fbaabd43b77c69008c7180014f361 index-ulid impersonates the legitimate ulid/ulidx ULID generator reuses ulid's description and links its homepage to github.com/ulid/javascript but i...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:8 p.m.12 views

Malicious code in index-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5acad250c58c9c27804a14b640d17438998fbaabd43b77c69008c7180014f361 index-ulid impersonates the legitimate ulid/ulidx ULID generator reuses ulid's description and links its homepage to github.com/ulid/javascript but i...

5.5AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.20 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:30 p.m.19 views

Malicious code in boardflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d5c1524281430272215f48a90b957cf08f76dcb9954cb73945421dff358eb2 package.json declares preinstall: node install.js, which fires automatically on npm install. install.js is heavily obfuscated obfuscator.io...

5.8AI score
Exploits0References9
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2025-210136

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:59 p.m.9 views

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
Rows per page
Query Builder