Lucene search
K

1108830 matches found

NVD
NVD
added 14 minutes ago1 views

CVE-2026-15183

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
NVD
NVD
added 14 minutes ago1 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS
Exploits0References1
NVD
NVD
added 14 minutes ago0 views

CVE-2026-15416

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS
Exploits0References6
The Hacker News
The Hacker News
added 28 minutes ago2 views

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle o...

Exploits0
CVE
CVE
added 34 minutes ago2 views

CVE-2026-15416

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS
Exploits0References6
Cvelist
Cvelist
added 34 minutes ago1 views

CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS
Exploits0References6
CVE
CVE
added 48 minutes ago2 views

CVE-2026-15183

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
Cvelist
Cvelist
added 48 minutes ago2 views

CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
CVE
CVE
added 1 hour ago7 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS
Exploits0References1
The Hacker News
The Hacker News
added 1 hour ago5 views

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control OFAC has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service 1VPNS, ha...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago7 views

Digital-Archiving-Solutions-RCE-PoC

LPD Server — Shell Injection Exploit RFC 1179 Disclaimer...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 1 hour ago5 views

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

7.8CVSS0.00078EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 1 hour ago5 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS0.00078EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 1 hour ago4 views

CVE-2026-12413

A flaw was found in Libreswan's IKEv2 fragment reassembly mechanism. When a VPN gateway processes incoming split network packets fragments containing unexpected data, an off-by-one boundary validation error triggers an internal program safety check assertion failure. A remote, unauthenticated...

7.5CVSS0.00597EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2 hours ago8 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apple Mac_Os_X

ICMP Timestamp Scanner — CVE-1999-0524 ╔═══════════════...

4CVSS6.7AI score0.31586EPSS
Exploits2
RedhatCVE
RedhatCVE
added 3 hours ago2 views

CVE-2026-59869

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS0.0035EPSS
Exploits1References8
The Hacker News
The Hacker News
added 3 hours ago11 views

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 3 hours ago7 views

Exploit for CVE-2026-52614

CVE-2026-52614 – RuoYi v4.8.3 filterKeyword bypass SQL injec...

6.2AI score
Exploits0
Rows per page
Query Builder