Lucene search
K

457754 matches found

The Hacker News
The Hacker News
added 2026/06/16 5:41 p.m.14 views

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader , Lorem Ipsum Loader , and Potemkin , per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...

6.5AI score
Exploits0
NVD
NVD
added 2026/06/16 5:16 p.m.15 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:2 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/16 4:8 p.m.9 views

EUVD-2026-37129

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.3AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 4:8 p.m.12 views

CVE-2026-24155

CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/16 4:8 p.m.25 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 3:16 p.m.10 views

CVE-2026-12398

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 3:7 p.m.5 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF04 Vulnerability Details CVEID:CVE-2026-6638 DESCRIPTION: SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute...

8.8CVSS7.3AI score0.00668EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:57 p.m.7 views

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/16 2:52 p.m.29 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/16 2:52 p.m.8 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.3AI score0.00889EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 2:52 p.m.18 views

CVE-2026-12398

The CVE-2026-12398 entry describes a command-injection in galaxy_ng via the legacy role import API (v1) do_git_checkout(), where unsanitized git ref names are interpolated into shell commands executed with subprocess.run(shell=True). An authenticated user controlling a git repo can craft branch/t...

7.5CVSS6.3AI score0.00889EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/16 2:52 p.m.7 views

CVE-2026-12398

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.2AI score0.00889EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 2:42 p.m.8 views

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

8.5CVSS6.1AI score0.0088EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.35 views

Astro: Reflected XSS via unescaped slot name

Summary When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...

7.1CVSS5.4AI score0.00177EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/16 1:36 p.m.4 views

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

8.5CVSS6.1AI score0.0088EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 1:16 p.m.10 views

CVE-2026-53900

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

4.3CVSS0.001EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/16 12:58 p.m.5 views

WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JobSearch versions = 3.2.9...

9.3CVSS5.8AI score0.00297EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/16 11:53 a.m.25 views

CVE-2026-53900 Cookie injection was possible when opening a PDF link

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

0.001EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 11:53 a.m.7 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

4.3CVSS5.4AI score0.001EPSS
Exploits0References2
Rows per page
Query Builder