Lucene search
K

70906 matches found

The Hacker News
The Hacker News
added 5 days ago15 views

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface CLI, compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range 2a0a:d683::/32 controlled by...

5.8AI score
Exploits0
NVD
NVD
added 5 days ago9 views

CVE-2026-7839

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00326EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40885

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00326EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-7839

UltraVNC repeater up to version 1.8.2.2 contains a hardcoded default admin password that is written during first run when settings2.txt is absent. Specifically, repeater/webgui/settings.c assigns the literal string "adminadmi2" to saved_password (64 bytes) and the HTTP Basic-auth handler wi_decod...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-40436

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40459

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40697

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40707

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40648

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0023EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-40622

Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40600

Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40504

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-54489

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy ssaved password, 64,...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00219EPSS
Exploits0References4
NVD
NVD
added 6 days ago5 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-14143

Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
added 6 days ago4 views

CVE-2026-14050

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-14019

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-13936

Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00288EPSS
Exploits0References2
Rows per page
Query Builder