Lucene search
K

1448 matches found

HackRead
HackRead
added 2026/04/10 4:55 p.m.2 views

GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware...

5.8AI score
Exploits0
CVE
CVE
added 2026/04/10 12:0 a.m.36 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

5.3CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.4 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 3:39 a.m.1 views

GHSA-9M44-RR2W-PPP7 Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

8.8CVSS6.2AI score0.00472EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 3:39 a.m.4 views

EUVD-2026-18570

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:39 a.m.7 views

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

7.5CVSS6.2AI score0.00472EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/03 3:16 a.m.3 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS0.00472EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/03 1:32 a.m.16 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

0.00472EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References1
CVE
CVE
added 2026/04/03 1:32 a.m.13 views

CVE-2026-28815

CVE-2026-28815 concerns Swift Crypto’s X-Wing HPKE decapsulation path. The issue arises when an attacker-supplied encapsulatedKey is shorter than the required 1120 bytes; the implementation forwards the data to a C API without runtime length validation, enabling an out-of-bounds read in the decap...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-29972

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Swift Crypto 安全漏洞

Swift Crypto is an open-source cross-platform encryption library developed by Apple. Versions of Swift Crypto prior to 4.3.1 contained a security vulnerability. This vulnerability was caused by remote attackers who could provide short X-Wing HPKE encapsulation keys and trigger out-of-bound reads ...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/26 3:20 p.m.153 views

XNUTest

xnutesting Research & Education Only — Proof-of-concept...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/20 8:46 p.m.3 views

Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...

6.9CVSS5.8AI score0.00408EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/27 5:10 p.m.213 views

Exploit for CVE-2025-70342

CVE-2025-70342: Credential Interception via Named Pipe in eras...

5.9AI score0.00241EPSS
Exploits2
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

leafkit 安全漏洞

Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that htmlEscaped only matched extended character clusters, which could...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References2
OSV
OSV
added 2026/02/19 7:40 p.m.4 views

GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...

6.1CVSS5.6AI score0.0023EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/01/28 12:0 a.m.2 views

Supply Chain Insecurity: Exposing Vulnerabilities in IOS Dependency Management Systems

Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...

6.5AI score
Exploits0
Fedora
Fedora
added 2026/01/23 1:16 a.m.7 views

[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS6.9AI score0.00613EPSS
Exploits1
Rows per page
Query Builder