
2407 matches found

The Hacker News
added yesterday, 5 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

AI score: 6
Exploits: 0

NVD
added yesterday, 2 views

CVE-2026-57350

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions...

CVSS: 7.1
Exploits: 0, References: 1

Cvelist
added yesterday, 6 views

CVE-2026-57350 WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions...

CVSS: 7.1
Exploits: 0, References: 1

CVE
added yesterday, 5 views

CVE-2026-57350

WP Debugging plugin for WordPress with versions ≤2.12.2 is affected by an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVE entry specifies the vulnerable component as the WP Debugging plugin and lists CVSS v3.1 base score 7.1 (High) with Network attack vector, no privileges requi...

CVSS: 7.1, AI score: 5.8
Exploits: 0, References: 1

EUVD
added yesterday, 2 views

EUVD-2026-41349

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions...

CVSS: 7.1, AI score: 5.8
Exploits: 0, References: 1

Nuclei
added yesterday, 31 views

Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

CVSS: 7.5, AI score: 7.1, EPSS: 0.07884
Exploits: 0, References: 5

Nuclei
added yesterday, 15 views

Xdebug <= 2.5.5 - Command Injection

Xdebug <= 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands; exploitation requires remote debugging to be enabled. id: CVE-2015-101...

CVSS: 9.3, AI score: 6.2, EPSS: 0.0503
Exploits: 1, References: 6

OSSF Malicious Packages
added 2026/06/22 12:0 p.m., 7 views

Malicious code in @nullzero/urlcat (npm)

@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...

AI score: 6.4
Exploits: 0, References: 7

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: The corruption of the slab_caches list after kmem_cache_destroy has been fixed. After the commit in “Fixes”, if a module that creates a slab cache does not release all of its allocated objects before destroying the...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00222
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: timekeeping: The leap state of the auxiliary timekeeper must be adjusted to the correct value. When the __do_adjtimex function was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When this...

CVSS: 5.5, AI score: 5.3, EPSS: 0.001
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: spi: spi-qpic-snand: reallocation of BAM transactions. Using the mtd_nandbiterrs module to test the driver occasionally results in unexpected behaviors, as shown below. 1. The swiotlb mapping fails with the following message:...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00129
Exploits: 0, References: 2

GithubExploit
added 2026/06/16 10:6 a.m., 52 views

binary-exploitation-labs

Binary Exploitation & Reverse Engineering Labs Hands-on labs...

AI score: 5.3
Exploits: 0

EUVD
added 2026/06/15 9:30 p.m., 8 views

EUVD-2026-36800

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00107
Exploits: 0, References: 4

Debian CVE
added 2026/06/15 7:10 p.m., 7 views

CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00107
Exploits: 0

Rapid7 Blog
added 2026/06/13 12:22 a.m., 15 views

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options: As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) projects is here to...

AI score: 6
Exploits: 0

OSSF Malicious Packages
added 2026/06/11 1:56 a.m., 10 views

Malicious code in jailbreak-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...

AI score: 5.5
Exploits: 0, References: 2

OSV
added 2026/06/11 1:56 a.m., 21 views

MAL-2026-5543 Malicious code in jailbreak-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...

AI score: 5.5
Exploits: 0, References: 2

SUSE CVE
added 2026/06/09 2:20 a.m., 10 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key. Use print_hex_dump_devel for dumping sensitive HMAC key bytes in hash_digest_key to avoid leaking secrets at runtime when CONFIG_DYNAMIC_DEBUG is enabled...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00177
Exploits: 0, References: 3

RedhatCVE
added 2026/06/08 7:32 p.m., 15 views

CVE-2026-46291

A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC (Hash-based Message Authentication Code) key bytes at runtime. The issue occurs because the hash_digest_key function uses print_hex_dump_devel without proper guarding, which can...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00177
Exploits: 0, References: 4

Cvelist
added 2026/06/08 3:46 p.m., 37 views

CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key. Use print_hex_dump_devel for dumping sensitive HMAC key bytes in hash_digest_key to avoid leaking secrets at runtime when CONFIG_DYNAMIC_DEBUG is enabled...

EPSS: 0.00177
Exploits: 0, References: 8