Lucene search
K

4745 matches found

Cvelist
Cvelist
added 2026/07/02 11:40 p.m.73 views

CVE-2026-13768 Gardyn IoT Hub Use of Hard-coded Credentials

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
OSV
OSV
added 2026/07/02 5:33 p.m.3 views

GHSA-H5GX-45RJ-2H5J Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect

Summary The Kerberos Hub upload path sends the agent's Hub credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the operator-configured Hub URL config.HubURI. The HTTP client used &http.Client in UploadKerberosHub is constructed without a CheckRedire...

6.9CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55464

Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...

6.9CVSS6AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 3:0 p.m.9 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.6 release.

Red Hat Developer Hub 1.9.6 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS6.7AI score0.01041EPSS
Exploits16References69
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-347 Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.3AI score0.00635EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-393 Unsafe yaml deserialization in llama-hub

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS7.7AI score0.01192EPSS
Exploits0References8
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 10:47 a.m.35 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 10:47 a.m.24 views

CVE-2026-57473

The CVE affects Reolink Home Hub netclient and factory services, prior to v3.3.0.456_26031911. The issue enables brute-force credential cracking on the local network, allowing an attacker on the same LAN to intercept traffic between the Hub and connected cameras and compromise camera credentials....

5.8CVSS5.8AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 10:47 a.m.12 views

EUVD-2026-39646

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:47 a.m.8 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS5.8AI score0.00145EPSS
Exploits0References2
Circl
Circl
added 2026/06/26 1:37 a.m.3 views

CVE-2018-9139

creationtimestamp| type| source ---|---|--- 2026-06-26 01:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5smrhot42n...

10CVSS7.3AI score0.02494EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/25 2:16 a.m.9 views

GHSA-MX8G-39Q3-5C79 vulnerabilities

Vulnerabilities for packages: argo-workflows...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/24 11:4 p.m.9 views

MAL-2026-6433 Malicious code in rstreams-shard-util (npm)

The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 5:43 p.m.38 views

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

9CVSS0.0178EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

GHSA-HCXC-WF8J-23HV vulnerabilities

Vulnerabilities for packages: grafana-fips, grafana...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:53 a.m.3 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Patch 7 and 5.4.0 Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

8.7CVSS5.9AI score0.00702EPSS
Exploits2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.8 views

Malicious code in forge-jsx4 (npm)

forge-jsx4 is a remote access trojan RAT published to the public npm registry by the account rafaelsilva [email protected]. Versions 1.0.122 and 1.0.123 were published on June 21-22, 2026 as a reconstitution of the forge-jsx / forge-jsxy campaign, reusing the same command-and-control...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/06/19 1:16 p.m.11 views

CVE-2026-56141

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...

9.8CVSS0.00365EPSS
Exploits0References1
Rows per page
Query Builder