Lucene search
K

27011 matches found

Cvelist
Cvelist
added 2026/04/07 3:25 a.m.26 views

CVE-2026-20446

In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID:...

0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 3:25 a.m.17 views

CVE-2026-20446

CVE-2026-20446 affects MediaTek chipsets’ secure boot implementation, with an out-of-bounds write caused by integer overflow that can lead to local denial of service when an attacker has physical access and user privileges. Exploitation requires no user interaction. A patch is available (ALPS0996...

4.3CVSS6.1AI score0.00191EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.2 views

PT-2026-30930

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-30996

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

7CVSS6AI score0.0011EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30791

Name of the Vulnerable Software and Affected Versions Versions prior to patch ALPS09963054 Description An out-of-bounds write issue exists in secure boot due to an integer overflow. This could result in a local denial of service if an attacker has physical access to the device and user execution...

4.3CVSS6AI score0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Semtech LR11xx LoRa 安全漏洞

Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. The Semtech LR11xx LoRa device has a security vulnerability, which stems from the use of non-standard encryption hash algorithms that are vulnerable to secondary image attacks. Thi...

7CVSS5.8AI score0.0011EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-4631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An...

9.8CVSS6.3AI score0.142EPSS
Exploits3References2
NVD
NVD
added 2026/04/06 10:16 p.m.7 views

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

5.3CVSS0.00367EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 9:47 p.m.12 views

CVE-2026-35452

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:47 p.m.7 views

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/06 3:16 p.m.2 views

EUVD-2026-19313

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

8.2CVSS6.3AI score0.00417EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/06 9:23 a.m.5 views

Malicious code in nerite-security-audit (npm)

Collects and exfiltrates sensitive data env vars, SSH keys, keystores, history via HTTPS and DNS. Suspicious domain and disabled SSL validation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/06 3:44 a.m.3 views

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/06 3:34 a.m.3 views

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/06 3:27 a.m.3 views

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References7
OSV
OSV
added 2026/04/06 2:48 a.m.12 views

CLEANSTART-2026-DM62512 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.35.0-r0

Multiple security vulnerabilities affect the sealed-secrets package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/05 1:18 p.m.92 views

GuvenliWebYazilimiGelistirme-CipherNone-

🛡️ CipherNone: JWT "alg: none" Vulnerability & Hardening Lab...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.7 views

SecPI: Secure Code Generation with Reasoning Models Via Security Reasoning Internalization

Reasoning language models RLMs are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct applicati...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30336

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...

5.3CVSS6AI score0.00367EPSS
Exploits1References5
Rows per page
Query Builder