Lucene search
K

3672 matches found

Circl
Circl
added 2026/04/23 11:26 p.m.7 views

CVE-2026-23327

creationtimestamp| type| source ---|---|--- 2026-04-23 23:26:39+00:00| seen| Telegram/FBfF7HTWtEvNL6KEiWN9WeIckJJ5ZXo9Sxte1kUZosh1zOQ 2026-07-09 01:15:54+00:00| seen| https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities20260702...

7.1CVSS6.7AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.8 views

CVE-2026-40907

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

6.5CVSS0.00269EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/21 7:50 p.m.9 views

EUVD-2026-24284

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

6.5CVSS5.7AI score0.00269EPSS
Exploits1References2
Wired Threat Level
Wired Threat Level
added 2026/04/21 4:24 p.m.7 views

Meta Is Sued Over Scam Ads on Facebook and Instagram

A lawsuit from the Consumer Federation of America accuses Meta of misleading consumers about its efforts to combat scams advertisements on its platforms...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/14 10:49 p.m.3 views

GHSA-GPGP-W4X2-H3H7 WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens

Summary The endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream configurations, including third-party platform stream keys and OAut...

6.5CVSS6AI score0.00269EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/04/13 9:15 a.m.7 views

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 aka ScarCruft has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/13 7:2 a.m.7 views

A week in security (April 6 – April 12)

Last week on Malwarebytes Labs: Fake Claude site installs malware that gives attackers access to your computer ClickFix finds a new way to infect Macs Scammers pose as Amazon support to steal your account NSFW app leak exposes 70,000 prompts linked to individual users 30,000 private Facebook imag...

5.7AI score
Exploits0
Circl
Circl
added 2026/04/10 9:24 p.m.3 views

GHSA-HP4W-JMWC-PG7W

creationtimestamp| type| source ---|---|--- 2026-04-10 21:24:11+00:00| seen| Telegram/FBFE1jRDxJPr8K8KBUfFYtlwI9wezi1OF7LpQ32tR7vo...

4.8AI score
Exploits0
Circl
Circl
added 2026/04/10 9:24 p.m.5 views

GHSA-3RV7-9FHX-J654

creationtimestamp| type| source ---|---|--- 2026-04-10 21:24:11+00:00| seen| Telegram/FBFE1jRDxJPr8K8KBUfFYtlwI9wezi1OF7LpQ32tR7vo...

4.8AI score
Exploits0
Circl
Circl
added 2026/04/10 9:24 p.m.3 views

GHSA-27X6-C5C7-GPF5

creationtimestamp| type| source ---|---|--- 2026-04-10 21:24:11+00:00| seen| Telegram/FBFE1jRDxJPr8K8KBUfFYtlwI9wezi1OF7LpQ32tR7vo...

4.8AI score
Exploits0
Circl
Circl
added 2026/04/10 9:24 p.m.5 views

GHSA-557G-2W66-GPMF

creationtimestamp| type| source ---|---|--- 2026-04-10 21:24:11+00:00| seen| Telegram/FBFE1jRDxJPr8K8KBUfFYtlwI9wezi1OF7LpQ32tR7vo...

4.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.4 views

CVE-2026-35534

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS6AI score0.00168EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/09 10:7 a.m.10 views

30,000 private Facebook images allegedly downloaded by Meta employee

Every tech company tells you your data is safe. They've hopefully got encryption, access controls, and zero-trust architectures—the whole glossy security brochure. And then someone on the inside writes a script to steal your private photos anyway. That's what a former Meta employee based in Londo...

5.5AI score
Exploits0
NVD
NVD
added 2026/04/08 7:25 p.m.22 views

CVE-2026-34721

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

6.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:12 p.m.7 views

CVE-2026-34721

Zammad (web-based helpdesk) has a CSRF vulnerability in the OAuth callback endpoints for external credentials (Microsoft, Google, Facebook). Prior to versions 7.0.1 and 6.5.4, these endpoints do not validate the CSRF state parameter, enabling potential CSRF-like behavior in the OAuth flow. The is...

6.5CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 6:12 p.m.17 views

CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

5.9CVSS0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:12 p.m.4 views

CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31418

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description The OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This could allow an attacker to potentially compromise...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References4
NVD
NVD
added 2026/04/07 4:16 p.m.3 views

CVE-2026-35534

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 3:47 p.m.18 views

CVE-2026-35534 ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder