Lucene search
+L

608 matches found

cvelist
cvelist
added 3 days ago32 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

0.00096EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 5:16 p.m.9 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
osv
osv
added 2026/07/07 12:35 p.m.2 views

OPENSUSE-SU-2026:21247-1 Security update for docker-compose

This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...

9.6CVSS6.8AI score0.00868EPSS
Exploits0References8
euvd
euvd
added 2026/07/03 6:18 a.m.8 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00508EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:18 a.m.8 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References3
redhat
redhat
added 2026/07/01 5:33 p.m.9 views

Important: Red Hat Security Advisory: Satellite 6.16.10 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS5.7AI score0.00297EPSS
Exploits0References6
thn
thn
added 2026/06/30 3:47 p.m.11 views

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 CVSS score: 9.3, an unauthenticated remote code execution RCE vulnerability in Langflow,...

9.8CVSS8.1AI score0.98191EPSS
Exploits21
ossf
ossf
added 2026/06/27 7:12 p.m.14 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
nessus
nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES15 Security Update : apptainer (SUSE-SU-2026:2609-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2609-1 advisory. This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for...

10CVSS7.2AI score0.00781EPSS
Exploits1References46
osv
osv
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51756

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description Applications using libcurl for transfers via SCP:// or SFTP:// that utilize the CURLOPT SSH KEYFUNCTION callback may silently accept an untrusted server. This occurs when a server presents a...

9.1CVSS5.8AI score0.00649EPSS
Exploits2References73
ossf
ossf
added 2026/06/19 5:10 a.m.20 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
osv
osv
added 2026/06/15 9:52 p.m.7 views

MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....

6.6AI score
Exploits0References2
ossf
ossf
added 2026/06/15 9:52 p.m.13 views

Malicious code in twrap-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....

6.5AI score
Exploits0References2
osv
osv
added 2026/06/11 12:42 p.m.8 views

MAL-2026-5643 Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.6AI score
Exploits0References2
ossf
ossf
added 2026/06/11 12:42 p.m.14 views

Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.5AI score
Exploits0References2
ossf
ossf
added 2026/06/10 6:41 p.m.16 views

Malicious code in websocket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...

5.5AI score
Exploits0References2
osv
osv
added 2026/06/10 6:41 p.m.10 views

MAL-2026-5530 Malicious code in websocket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...

5.5AI score
Exploits0References2
githubexploit
githubexploit
added 2026/06/08 10:46 a.m.86 views

Post_Exploitation_Privilege_Escalation

⬆️ Week 05 — Post-Exploitation & Privilege Escalation Inter...

5.5AI score
Exploits0
cve
cve
added 2026/06/01 4:13 p.m.26 views

CVE-2026-45132

CVE-2026-45132 concerns CloudPirates Open Source Helm Charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposed sensitive credentials—Personal Access Token and an SSH signing key —to fork-controlled code due to unsafe checkout and credential handling practices. The...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder