Lucene search
K

50 matches found

The Hacker News
The Hacker News
added 2 days ago7 views

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5794

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.5AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 5:9 p.m.7 views

EUVD-2026-26070

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.2AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:9 p.m.3 views

CVE-2026-5794

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.2AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35749

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/13 9:44 a.m.6 views

CVE-2025-40805

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...

10CVSS6.8AI score0.00601EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-24250

Malicious code in bioql PyPI...

8.5CVSS6.4AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-34015

Malicious code in bioql PyPI...

8.5CVSS6.3AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-29670

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00997EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 4:15 p.m.4 views

CVE-2025-3285

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

7.8CVSS6.3AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 4:15 p.m.3 views

CVE-2025-3286

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

7.8CVSS6.3AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 9:15 p.m.5 views

CVE-2024-12672

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

7.3CVSS6.1AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 9:15 p.m.3 views

CVE-2024-11157

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

7.3CVSS6.1AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 9:15 p.m.4 views

CVE-2024-12175

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary...

7.8CVSS6.1AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2024/12/05 6:15 p.m.4 views

CVE-2024-12130

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...

7.8CVSS6.3AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2024/12/05 6:15 p.m.5 views

CVE-2024-11156

An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit thi...

7.8CVSS6.3AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2024/12/05 6:15 p.m.7 views

CVE-2024-11155

A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To...

8.5CVSS6.3AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.7 views

PT-2024-16792 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A code execution vulnerability exists in Rockwell Automation Arena that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If...

8.5CVSS7.5AI score0.00242EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/10/14 8:53 p.m.20 views

CVE-2024-6207

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including th...

8.7CVSS6.9AI score0.00524EPSS
Exploits0References1
OSV
OSV
added 2024/08/20 8:25 p.m.17 views

GO-2023-1468 KubePi session fixation attack allows an attacker to hijack a legitimate user session. in github.com/KubeOperator/kubepi

KubePi session fixation attack allows an attacker to hijack a legitimate user session. in github.com/KubeOperator/kubepi...

7.5CVSS6.7AI score0.00403EPSS
Exploits0References5
Rows per page
Query Builder