Lucene search
K

3923 matches found

OSV
OSV
added 2026/06/11 5:10 a.m.13 views

MAL-2026-5572 Malicious code in sendgrid-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...

5.4AI score
Exploits0References9
Redos
Redos
added 2026/06/10 12:0 a.m.6 views

ROS-20260610-73-0039

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

9.8CVSS8.6AI score0.00453EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/06/09 9:50 a.m.16 views

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2025-4397

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

6.8CVSS5.5AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.8 views

CVE-2026-42600

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS5.5AI score0.08457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.7 views

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7CVSS5.4AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-8326

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.6AI score0.00378EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

8.6CVSS6.2AI score0.00408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.43 views

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

8.2CVSS6.4AI score0.00253EPSS
Exploits4References2
GithubExploit
GithubExploit
added 2026/06/03 6:5 p.m.107 views

coruna

iOS Orchestrator — Coruna Web server, C2 listener, and intera...

8.8CVSS6AI score0.10593EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/06/02 10:49 p.m.79 views

System-Exploitation-Compromising

💀 System Exploitation & Compromising CAP 6135 – Cyber Lab...

7.5CVSS6.6AI score0.83534EPSS
Exploits10
Wired Threat Level
Wired Threat Level
added 2026/06/01 9:30 a.m.18 views

Websites Can Now Spy on You Through Your Hard Drive

Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/29 1:16 p.m.15 views

CVE-2026-8326

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 11:47 a.m.27 views

CVE-2026-8326

CVE-2026-8326 describes a path traversal in Remote Spark SparkView via the RDP drive redirection , enabling an unauthenticated attacker to read and write arbitrary files as root, potentially leading to remote code execution . Affected builds are listed as “before build 1127.” The CVSS 4.0 base sc...

10CVSS5.9AI score0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 11:47 a.m.12 views

CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 11:47 a.m.9 views

CVE-2026-8326

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 11:47 a.m.32 views

CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS0.00378EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 11:47 a.m.12 views

EUVD-2026-33281

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44831

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.14 views

Autopsy 4.23.1

Autopsy is the premier end-to-end open source digital forensics platform. Built by Sleuth Kit Labs with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs...

5.8AI score
Exploits0
Rows per page
Query Builder