5605 matches found
SUSE CVE-2022-28737
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables. The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
SUSE CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...
SUSE CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free...
The vulnerability of the Google Chrome web browser’s downloader, related to insufficient validation of input data, allows a hacker to access confidential information.
The vulnerability of the Google Chrome web browser loader is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information through a specially created HTML page...
loader-utils: Regular expression denial of service
A flaw was found in the loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component...
No More Macros? Better Watch Your Search Results!
By Pham Duy Phuc and Max Kersten · February 08, 2023. Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...
No More Macros? Better Watch Your Search Results!
By Pham Duy Phuc · February 08, 2023. This blog was also written by Max Kersten. Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...
Ransomware and Commodity Loader Topic Summary Report: Cisco Talos Year in Review 2022
The ransomware space is dynamic, continually adapting to changes in the geopolitical environment, actions by defenders, and efforts by law enforcement, which increased in scope and intensity in 2022. This leads groups to rebrand under different names, shut down operations, and form new strategic...
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...
Malicious Package
Overview: vue-loader11 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: vue-loader21 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: vue-loader15 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: vue-loader19 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: vue-loader10 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: vue-loader18 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Gootkit Malware Continues to Evolve with New Components and Obfuscations
The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is...
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Window...
Improper Input Validation
Overview: directxtexdesktopwin10 is a DirectXTex texture processing library. Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video...
Improper Input Validation
Overview: directxtexdesktop2019 is a DirectXTex texture processing library. Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video...
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Impact: A memory overwrite bug was reported by a security researcher in the ConvertToSinglePlane method via the texconv command-line tool when given an invalid height for planar video textures such as NV12. This can be a potential security bug for any clients of the library who follow the same...