Lucene search
K

252960 matches found

The Hacker News
The Hacker News
added 2026/05/14 6:0 a.m.20 views

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngxhttprewritemodule...

9.2CVSS6.8AI score0.61469EPSS
Exploits40
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.10 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/14 3:28 a.m.45 views

SUSE CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter...

9.3CVSS6AI score0.03093EPSS
Exploits4References5
OSV
OSV
added 2026/05/14 2:43 a.m.5 views

MGASA-2026-0134 Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

8.8CVSS6.1AI score0.02995EPSS
Exploits4References5
Mageia
Mageia
added 2026/05/14 2:43 a.m.20 views

Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

8.8CVSS6.5AI score0.02995EPSS
Exploits4References4
Mageia
Mageia
added 2026/05/14 2:43 a.m.12 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...

8.8CVSS6.4AI score0.06662EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2026/05/14 2:21 a.m.11 views

CVE-2026-41463

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...

8.8CVSS6.4AI score0.01081EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 12:31 a.m.31 views

EUVD-2026-30206

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

5.8AI score0.01653EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41084

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in GTK allows a remote attacker to execute arbitrary code by inducing the user to open a crafted HTML page. Recommendations Update to version 148.0.7778.168 or...

8.8CVSS6.2AI score0.00498EPSS
Exploits0References85
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:0 a.m.6 views

CVE-2025-69443

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

6AI score0.00312EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 12:0 a.m.10 views

EUVD-2025-209844

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

6AI score0.00312EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.32 views

Exploiting LLM Agent Supply Chains Via Payload-Less Skills

Autonomous agents powered by Large Language Models LLMs acquire external functionalities through third-party skills available in open marketplaces. Adopting these integrations broadens the potential attack surface, prompting a need for systematic security evaluation. Current auditing mechanisms a...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-41078

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Media allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...

8.8CVSS6.2AI score0.00498EPSS
Exploits0References83
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40933

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...

9.9CVSS6AI score0.00632EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40936

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An attacker with write access to a git repository connected to an n8n Source Control configuration can commit a malicious Data Table JSON file...

9CVSS5.8AI score0.00331EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-40935

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can bypass a previous prototype pollution patch in the XML node. Prototyp...

9.9CVSS6.4AI score0.00634EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-40934

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can inject CLI flags during the Push operation of the Git node. This allo...

9.4CVSS6.7AI score0.00632EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.7 views

diffusers 代码注入漏洞

diffusers is a generative model library for generating images, audio, and 3D molecular structures, open-sourced by Hugging Face. Versions of diffusers prior to 0.38.0 contained a code injection vulnerability, which was caused by a bypass of trustremotecode, potentially allowing arbitrary remote...

8.8CVSS6.3AI score0.00865EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.9 views

PT-2026-41423

CVE-2026-40327 - Apache Struts Remote Code Execution Vulnerability CVE ID :CVE-2026-40327 Published : May 13, 2026, 10:16 p.m. | 37 minutes ago Description :Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

diffusers 代码注入漏洞

Diffusers is an open-source diffusion model library developed by Hugging Face for generating images, audio, and 3D molecular structures. Versions of Diffusers prior to 0.38.0 contained a code injection vulnerability, which was caused by improper handling of the custompipeline parameter, potential...

8.8CVSS6.1AI score0.00562EPSS
Exploits1References1
Rows per page
Query Builder