Lucene search
K

9973 matches found

The Hacker News
The Hacker News
added 13 hours ago10 views

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control OFAC has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service 1VPNS, ha...

6.1AI score
Exploits0
Nuclei
Nuclei
added 14 hours ago10 views

LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

5.4CVSS6.1AI score0.00748EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago30 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.2AI score0.86706EPSS
Exploits1References2
Circl
Circl
added yesterday5 views

CVE-2026-57714

creationtimestamp| type| source ---|---|--- 2026-07-13 10:56:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjrvbgcs2g 2026-07-13 11:11:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjknmwz7j2a 2026-07-13 11:20:04+00:00| seen|...

9.3CVSS6.1AI score0.004EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-9492

creationtimestamp| type| source ---|---|--- 2026-07-13 04:30:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116910786151566204 2026-07-13 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqiuaepo5j2r 2026-07-13 05:00:25+00:00| seen|...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References8
Circl
Circl
added 2 days ago6 views

CVE-2026-15486

creationtimestamp| type| source ---|---|--- 2026-07-12 09:28:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqgufolnd62c 2026-07-12 11:27:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqh342n5je26...

6.5CVSS6.6AI score0.0105EPSS
Exploits0References2
Circl
Circl
added 3 days ago11 views

CVE-2026-9282

creationtimestamp| type| source ---|---|--- 2026-07-11 07:30:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116900169327845158 2026-07-11 07:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqe5efmorb2x 2026-07-11 07:36:29+00:00| seen|...

7.5CVSS6.1AI score0.00676EPSS
Exploits0References7
Snyk
Snyk
added 4 days ago3 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00269EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42997

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS6.2AI score0.00269EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00269EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-61460

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42981

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
Circl
Circl
added 4 days ago6 views

CVE-2026-15378

creationtimestamp| type| source ---|---|--- 2026-07-10 10:08:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbvpddyrq2r 2026-07-10 10:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116895214843907721 2026-07-10 10:30:28+00:00| seen|...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in testing-d3do (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c008bcf9a72a02f11c556396a39d6de999bfad0cfa389ddac01929d19bb34d8 On npm install, this package's postinstall script collects host identifiers os.hostname, os.userInfo, current working directory, and external IPv4...

5.9AI score
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS0.00408EPSS
Exploits0References14
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-13450 GamiPress <= 7.9.4 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'access' Parameter

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS0.00408EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References15
CVE
CVE
added 5 days ago15 views

CVE-2026-13450

The CVE describes a vulnerability in the GamiPress WordPress plugin (versions up to 7.9.4) where Insecure Direct Object Reference is triggered via the access parameter due to missing validation on a user-controlled key. This allows unauthenticated attackers to view private GamiPress activity log ...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References14
Rows per page
Query Builder