Lucene search
+L

735 matches found

The Hacker News
The Hacker News
added 5 days ago15 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
NCSC
NCSC
added 5 days ago18 views

Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved

Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...

9.8CVSS7.1AI score0.02497EPSS
Exploits0References22
EUVD
EUVD
added 2026/07/10 12:31 a.m.11 views

EUVD-2026-42708

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 10:17 p.m.10 views

CVE-2026-57021

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 9:5 p.m.33 views

CVE-2026-57021 Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS0.00474EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:5 p.m.7 views

CVE-2026-57021

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/09 9:5 p.m.16 views

CVE-2026-57021

The CVE-2026-57021 entry describes an Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) component of Juniper Networks Junos OS on SRX Series. A network-based, unauthenticated attacker can trigger the flaw by sending specially formatted requests when remote-access VPN with pre-log...

6.9CVSS6AI score0.00474EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.5 views

PT-2026-56975

Name of the Vulnerable Software and Affected Versions Junos OS on SRX Series versions prior to 23.2R2-S7 Junos OS on SRX Series versions prior to 23.4R2-S8 Junos OS on SRX Series versions prior to 24.2R2-S4 Junos OS on SRX Series versions prior to 24.4R2-S4 Junos OS on SRX Series versions prior t...

6.9CVSS6.2AI score0.00474EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.10 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, docker-machine-driver-harvester, mattermost, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, cert-manager, argo-workflows-fips, coder-fips,...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5527 Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) in github.com/argoproj/argo-workflows

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS gatekeeper.go in github.com/argoproj/argo-workflows...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References4
NVD
NVD
added 2026/06/12 8:16 p.m.17 views

CVE-2026-42890

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS0.00126EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:58 p.m.12 views

EUVD-2026-36547

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:58 p.m.35 views

CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:58 p.m.34 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47558

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRON RUN AS NODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact ...

4.8CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47599

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description In the macOS desktop application, the ELECTRON RUN AS NODE fuse is not disabled. This allows an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app...

4.8CVSS5.8AI score0.00126EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.14 views

CVE-2026-28954

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

7.5CVSS5.4AI score0.00387EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/27 1:51 a.m.95 views

gatekeeper_wan_poc_server

This is the...

5.9AI score
Exploits0
Rows per page
Query Builder