Lucene search
K

1867 matches found

Nuclei
Nuclei
added yesterday51 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.3AI score0.00929EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/07/02 4:0 p.m.14 views

How GitHub used secret scanning to reach inbox zero

Several years ago, GitHub Security launched an initiative to assess and improve our overall secrets hygiene. As part of that effort, we piloted the Secret Scanning capability that was under development at the time. That's when we found more than 20,000 secrets spread across our 15,000+...

5.9AI score
Exploits0
Circl
Circl
added 2026/07/02 9:45 a.m.11 views

CVE-2026-20244

creationtimestamp| type| source ---|---|--- 2026-07-02 09:45:22+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f 2026-07-02 13:55:08+00:00| seen|...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.8 views

Malicious code in @alerts/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.7 views

MAL-2026-6599 Malicious code in @alerts/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.12 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-storage, crossplane-provider-azure-security, crossplane-provider-azure-servicebus, crossplane-provider-azure-operationsmanagement, x509-certificate-exporter-fips, x509-certificate-exporter, crossplane-provider-azure-signalrservice, grafana,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.9 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:50 p.m.11 views

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/23 3:50 p.m.16 views

MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Circl
Circl
added 2026/06/21 6:0 p.m.5 views

CVE-2025-48643

creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

7.8CVSS5.8AI score0.00084EPSS
Exploits0References2
Circl
Circl
added 2026/06/21 6:0 p.m.5 views

CVE-2025-48640

creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

8CVSS5.8AI score0.00094EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: alertmanager-0.33.0-1.fc44

The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...

5.5CVSS5.8AI score0.00168EPSS
Exploits1
Snyk
Snyk
added 2026/06/19 9:43 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the removeAlarms process. An attacker can permanently delete alarm records belonging to other tenants by supplying arbitrary alarm IDs in a bulk delete request. This can result in...

9.6CVSS5.9AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37639

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS0.00381EPSS
Exploits0References1
Circl
Circl
added 2026/06/16 9:0 p.m.10 views

CVE-2026-35298

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-17 11:55:09+00:00| seen|...

9.1CVSS5.8AI score0.00453EPSS
Exploits0References4
Circl
Circl
added 2026/06/16 9:0 p.m.8 views

CVE-2026-46825

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 11:55:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3moiaxrr3n52v...

6CVSS5AI score0.00159EPSS
Exploits0References2
Circl
Circl
added 2026/06/16 9:0 p.m.8 views

CVE-2026-46765

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-19 04:07:07+00:00| seen|...

9.9CVSS5.8AI score0.00402EPSS
Exploits0References3
Rows per page
Query Builder