Lucene search
K

1287759 matches found

The Hacker News
The Hacker News
added 11 minutes ago1 views

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps...

Exploits0
BDU FSTEC
BDU FSTEC
added 15 minutes ago21 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added 15 minutes ago9 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00625EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 15 minutes ago12 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 15 minutes ago14 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 15 minutes ago13 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 16 minutes ago0 views

Security Bulletin: IBM Operational Decision Manager for June 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2026-9828 DESCRIPTION: Deserialization of untrusted data vulnerability in QOS.CH Sarl logback...

9.8CVSS0.00686EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 26 minutes ago1 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.00539EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 26 minutes ago1 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00549EPSS
Exploits0References4
The Hacker News
The Hacker News
added 32 minutes ago1 views

The Verification Step Is the New ATO Battleground in 2026

For years, account takeover ATO followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not because attackers...

Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 40 minutes ago0 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Denial of Service vulnerability due to pyasn1

Summary pyasn1 is used by IBM Cloud Pak for Data System 1.0 as a generic ASN.1 encoding and decoding library for Python applications. CVE-2026-30922 affects pyasn1's ASN.1 decoder, where processing of crafted payloads containing deeply nested SEQUENCE or SET tags with indefinite length markers...

7.5CVSS0.0058EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 41 minutes ago2 views

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code

An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 45 minutes ago0 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Regular Expression Denial of Service vulnerability due to idna

Summary idna is used by IBM Cloud Pak for Data System 1.0 as a Python library for Internationalized Domain Names in Applications IDNA encoding and decoding. CVE-2026-45409 affects idna's encode function, where processing of arbitrarily large domain name inputs exploits the validcontexto function...

6.9CVSS0.00408EPSS
Exploits0Affected Software1
Schneier on Security
Schneier on Security
added 59 minutes ago2 views

Cybersecurity and the Gap Between Skill and Ability

Last week, national security agencies from the Five Eyes--that's the rich, English-language-speaking countries club--jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more...

6AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago5 views

Exploit for CVE-2026-40047

camel-docling CLI Argument Injection / Path Traversal Reproduc...

9.1CVSS6AI score0.01257EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago0 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple packages which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Monitor Component uses next-15.5.14.tgz, tomcat-embed-core-10.1.54.jar, systeminformation-5.31.4.tgz, jackson-core-2.19.2.jar, jackson-core-2.19.4.jar, jackson-core-2.20.0.jar, jackson-core-2.21.0.jar which are vulnerable to CVE-2026-44572, CVE-2026-44573,...

8.6CVSS0.38696EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago0 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to cryptography

Summary cryptography is used by IBM Cloud Pak for Data System 1.0 as a Python package providing cryptographic primitives and recipes for secure communications. Multiple vulnerabilities affect the cryptography package. CVE-2024-12797 involves missing error reporting in RFC7250 Raw Public Key RPK...

8.2CVSS0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago0 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a command injection vulnerability due to Click

Summary Click is used by IBM Cloud Pak for Data System 1.0 as a command-line interface creation library for Python applications. CVE-2026-7246 affects Click's click.edit function, which fails to properly neutralize special elements in input, allowing attackers to inject and execute arbitrary...

7.2CVSS0.0081EPSS
Exploits1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago1 views

Malicious code in @vwfs-its/sf-sac-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e08b57aacea0c5dcc883413eddf7737e7a45fa2c21bd5381d4e80235b3ef182 The OpenSSF Package Analysis project identified '@vwfs-its/sf-sac-frontend' @ 20.1.1 npm as malicious. It is considered malicious because: - The...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago0 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a sensitive information caching vulnerability due to Flask

Summary Flask is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application framework. CVE-2026-27205 affects Flask's session handling, where certain forms of session object access such as the Python in operator fail to set the Vary: Cookie header, resulting in session-specific responses...

4.3CVSS0.00374EPSS
Exploits0Affected Software1
Rows per page
Query Builder