Lucene search

6385 matches found

Nuclei
added 9 hours ago | 14 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contain an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains. Exploitation requires an on-demand rendering deployment. id:...

6.9 CVSS | 5.9 AI score | 0.00599 EPSS
Exploits: 1 | References: 2
EUVD
added 10 hours ago | 5 views

EUVD-2026-41482

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open a specified URL. Refer to the 'Security Update for ASUS Router Android App' section on the ASUS...

6 CVSS | 5.8 AI score
Exploits: 0 | References: 1
NVD
added 3 days ago | 5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3 CVSS | 0.00128 EPSS
Exploits: 0 | References: 3
Cvelist
added 3 days ago | 30 views

CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7 CVSS | 0.00347 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 3 days ago | 8 views

PT-2026-54432

Name of the Vulnerable Software and Affected Versions: Storage Concentrator SC & SCVM (affected versions not specified). Description: Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...

9.3 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 6
OSSF Malicious Packages
added 6 days ago | 11 views

Malicious code in react-editable-calendar (npm)

Source: amazon-inspector 9b35fd7baa18320cbcaf6fbb6fbabb6139dd48264cd1f09d0461a8877c1f873f On npm install, the package's preinstall hook runs node dist/index.d.js. That file base64-decodes a payload which fetches JavaScript from...

6.1 AI score
Exploits: 0 | References: 1
NVD
added 6 days ago | 9 views

CVE-2023-37524

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...

7.7 CVSS | 0.00108 EPSS
Exploits: 0 | References: 1
EUVD
added 6 days ago | 7 views

EUVD-2023-60599

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...

7.7 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 1
CVE
added 6 days ago | 10 views

CVE-2023-37524

Technical details (affected product/version, root cause, and remediation) are not publicly available in the provided documents. Monitor for updates from official sources regarding CVE-2023-37524.

7.7 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 1
Cvelist
added 6 days ago | 29 views

CVE-2023-37524 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...

7.7 CVSS | 0.00108 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 6 days ago | 12 views

PT-2026-53036

Name of the Vulnerable Software and Affected Versions: HCL Traveler for Microsoft Outlook (HTMO) (affected versions not specified). Description: The application is susceptible to security weaknesses because it relies on .NET Framework 4.5, which has reached end-of-life. As this framework no longer...

7.7 CVSS | 5.7 AI score | 0.00108 EPSS
Exploits: 0 | References: 5
EUVD
added last week | 21 views

EUVD-2026-31658

Cargo crates in third party registries can override the cached source of other crates...

6.5 CVSS | 5.8 AI score | 0.00294 EPSS
Exploits: 0 | References: 5
EUVD
added last week | 13 views

EUVD-2026-31654

Cargo can be coerced to share credentials between registries...

6.5 CVSS | 7.1 AI score | 0.00328 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/06/24 7:43 p.m. | 15 views

CVE-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5 CVSS | 0.00124 EPSS
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 8 views

CVE-2026-44957

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

4.3 CVSS | 0.00235 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2026/06/22 12:45 p.m. | 35 views

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

5.9 AI score
Exploits: 0
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match(), especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...

9.1 CVSS | 7 AI score | 0.05729 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/18 2:17 p.m. | 12 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the...

9.3 CVSS | 0.00204 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2026/06/18 1:58 p.m. | 19 views

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a...

5.7 AI score
Exploits: 0
Cvelist
added 2026/06/18 11:52 a.m. | 16 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the...

9.3 CVSS | 0.00204 EPSS
Exploits: 0 | References: 1