Lucene search
K

126129 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.234 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
CVE
CVE
added 4 hours ago6 views

CVE-2026-12849

Ge’oVision GV-I/O Box 4E (2.09) has OS command injection vulnerabilities in libNetSetObj.so (e.g., CNetSetObj::m_F_n_Set_Net_Mask) that allow a attacker-supplied netmask to invoke /sbin/ifconfig via system(), reachable through DVRSearch and Network.cgi. TALOS and NVD enumerate multiple CVEs (incl...

9.1CVSS5.9AI score
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-12486

GeoVision GV-I/O Box 4E (2.09) is affected by OS command injection in libNetSetObj.so, specifically CNetSetObj::m_F_n_Set_IP_Addr, which builds and executes a shell command via system("/sbin/ifconfig ..."). The flaw is reachable from network-exposed DVRSearch and Network.cgi endpoints, enabling r...

9.1CVSS5.9AI score
Exploits0References2
CVE
CVE
added 4 hours ago10 views

CVE-2026-12488

CVE-2026-12488 affects GeoVision GV-VMS V20 GV-Cloud (v20.0.2). Talos details describe a stack-based buffer overflow in the GV-Cloud relay path (GvRelayProxy.dll) caused by trusting an unverified message size from the remote server; reading large messages can overflow the stack, enabling possible...

6.2CVSS5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in markdownlint-cli2-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...

5.8AI score
Exploits0References3
Wolfi
Wolfi
added yesterday6 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: rancher-agent, node-feature-discovery, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin...

5.8AI score0.00011EPSS
Exploits0
Wolfi
Wolfi
added yesterday4 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: rancher-agent, node-feature-discovery, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-55200

An out-of-bounds write vulnerability exists in the libssh2 client. A remote attacker can exploit this by sending a specially crafted SSH packet with an abnormally large length value. This corrupts the application's memory and can potentially allow the attacker to execute arbitrary code on the...

9.2CVSS6.3AI score0.00545EPSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS0.00012EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS0.00021EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-49860

Summary of CVE-2026-49860 (Deno) A WebSocket sandbox bypass affects Deno prior to 2.8.1. When a WebSocket connection is opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IPs that the hostname resolved to, allowing an attacker-controlled domain to reso...

5.2CVSS5.8AI score0.00012EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-49859

CVE-2026-49859 affects Deno before version 2.8.1. The bug occurs in fetch() where Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that the hostname resolves to, allowing an attacker-controlled domain that passes the hostname check to resolve to...

5.2CVSS5.8AI score0.00021EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-54018

Open WebUI (self-hosted offline AI) contains SSRF protection bypass in the Playwright Web Loader prior to version 0.9.6. The validator checks only the initial URL; Playwright follows redirects (301/302) by default, allowing an attacker-supplied URL that redirects to internal addresses (e.g., loca...

7.7CVSS5.9AI score0.00028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-47139

A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as httpclient and httpserver. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public...

8.6CVSS5.8AI score0.00282EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score
Exploits0References3
Nuclei
Nuclei
added yesterday11 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7.3AI score0.15447EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday17 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.2AI score0.01049EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday34 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.7AI score0.01784EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday29 views

Vite Dev Server - Path Traversal in Optimized Deps .map Handling

Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References3
Rows per page
Query Builder