Lucene search
+L

449 matches found

Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.11 views

The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals

Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/06/01 2:9 p.m.9 views

Missing Authorization

Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

9.2CVSS6AI score0.01024EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.26 views

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

8.1CVSS5.4AI score0.00328EPSS
Exploits0References20
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: devlink: The region-snapshotlock was not held during snapshot flushing. Netdevsim triggers a segmentation fault when reloading, especially when destroying regions with snapshots pending: WARNING: CPU: 1 PID: 787 at...

5.7AI score0.00198EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bcachefs: kvfree bchfs::snapshots in bch2fssnapshotsexit. bchfs::snapshots is allocated by kvzalloc in snapshottmut. It should be freed by kvfree, not kfree. Otherwise, umount will trigger an error: 406.829178 BUG: Unable to...

5.5CVSS6AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:42 a.m.4 views

BIT-GRAFANA-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 7:28 p.m.44 views

CVE-2026-28380

The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets Any Editor delete any dashboard snapshot, even without read/write permissions. Affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 7:28 p.m.33 views

CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS0.00227EPSS
Exploits0References1
Grafana
Grafana
added 2026/05/13 12:0 a.m.37 views

BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29104

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 p.m.44 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 4:3 p.m.18 views

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:3 p.m.5 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 4:3 p.m.51 views

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Meari Alibaba OSS 安全漏洞

Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.20 views

PT-2026-39642

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/08 8:34 p.m.16 views

CVE-2026-43361

A flaw was found in the Linux kernel's Btrfs filesystem. A malicious user can exploit this by repeatedly creating snapshots of a previously received subvolume. This action can lead to an item overflow, causing a transaction abort and forcing the filesystem into a read-only state. This results in ...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References3
OSV
OSV
added 2026/05/07 5:31 a.m.6 views

GHSA-98H9-4798-4Q5V Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

Impact A trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variants, all sharing the same root cause — the trustremotecode gate was...

8.8CVSS6.6AI score0.00865EPSS
Exploits1References8
NVD
NVD
added 2026/05/06 9:16 p.m.10 views

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS0.00299EPSS
Exploits1References1
Rows per page
Query Builder