27 matches found

Malwarebytes
added 2026/05/05 11:39 a.m. · 11 views

Update WhatsApp now: Two new flaws could expose you to malicious files

Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been...

CVSS 6.5 · AI score 5.5 · EPSS 0.00528
Exploits: 0

Positive Technologies
added 2026/04/17 12:0 a.m. · 5 views

PT-2026-33431

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

CVSS 5.3 · AI score 5.8 · EPSS 0.00314
Exploits: 0 · References: 3

NVD
added 2026/03/16 2:19 p.m. · 4 views

CVE-2026-3111

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

CVSS 6.9 · EPSS 0.00261
Exploits: 0 · References: 1

Github Security Blog
added 2026/03/05 9:48 p.m. · 8 views

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure

Executive Summary: A security vulnerability exists in the Plane project management platform that allows unauthenticated attackers to enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django RE...

CVSS 7.5 · AI score 5.9 · EPSS 0.00377
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2026/02/27 8:17 a.m. · 6 views

CVE-2025-9909

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

CVSS 6.7 · EPSS 0.00167
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-15993

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.01794
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-16353

Malware in sbrugna...

CVSS 5.8 · AI score 6.1 · EPSS 0.01113
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 13 views

EUVD-2025-30787

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 6.3 · EPSS 0.00215
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-31223

Malicious code in bioql PyPI...

CVSS 3.7 · AI score 6.6 · EPSS 0.00234
Exploits: 0 · References: 2

NVD
added 2025/09/26 8:15 a.m. · 7 views

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVSS 5.3 · EPSS 0.00234
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-5592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the...

CVSS 5.9 · AI score 5.9 · EPSS 0.00838
Exploits: 3 · References: 2

Tenable Nessus
added 2025/08/21 12:0 a.m. · 4 views

TencentOS Server 4: git (TSSA-2025:0618)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0618 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.6 · AI score 8.1 · EPSS 0.00314
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content...

CVSS 4.3 · AI score 7.2 · EPSS 0.00791
Exploits: 1 · References: 2

Positive Technologies
added 2025/06/10 12:0 a.m. · 13 views

PT-2025-38699

Name of the Vulnerable Software and Affected Versions: Lightspeed (affected versions not specified). Description: A flaw exists in the Lightspeed history service due to insufficient access controls. A local, unprivileged user can access and manipulate the chat history of another user on the same syste...

CVSS 7.7 · AI score 6.1 · EPSS 0.00215
Exploits: 0 · References: 12

RedhatCVE
added 2025/05/22 6:36 p.m. · 5 views

CVE-2021-34683

An issue was discovered in EXCELLENT INFOTEK CORPORATION EIC E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/getuseremailinfobbs.asp to obtain the contact information name and e-mail address of everyone in the entire organization. This information can allow remote attackers to...

CVSS 5.3 · AI score 6.8 · EPSS 0.01082
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:11 a.m. · 14 views

CVE-2019-6795

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social...

CVSS 5.8 · AI score 6.5 · EPSS 0.01113
Exploits: 1 · References: 1

OSV
added 2024/06/05 2:15 p.m. · 37 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary: gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC: 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

CVSS 3.6 · AI score 8.4
Exploits: 0 · References: 3

Vulnrichment
added 2023/04/05 12:0 a.m. · 7 views

CVE-2023-0450

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users...

CVSS 3.7 · AI score 4.1 · EPSS 0.00683
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:49 a.m. · 3 views

SUSE CVE-2017-5593

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...

CVSS 5.9 · AI score 6.7 · EPSS 0.00679
Exploits: 2 · References: 3

Positive Technologies
added 2021/11/13 12:0 a.m. · 4 views

PT-2021-23891 · Npm +5

Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...

CVSS 9.8 · AI score 8.2 · EPSS 0.02534
Exploits: 1 · References: 46