30291 matches found
Fake Google and Cloudflare verification pages spread multiple malware families
Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...
CVE-2026-58652
luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...
CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter
luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...
CVE-2026-58652
The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...
CVE-2026-58521
creationtimestamp| type| source ---|---|--- 2026-07-02 07:32:27+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnjbpfbp42u...
CVE-2026-20213
creationtimestamp| type| source ---|---|--- 2026-07-02 07:01:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnhkpqzvl2d 2026-07-02 09:45:16+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen|...
CVE-2026-57267
creationtimestamp| type| source ---|---|--- 2026-07-02 04:53:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnagdaerv2v 2026-07-02 18:26:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mponsh6i2e2r...
CVE-2026-24242
creationtimestamp| type| source ---|---|--- 2026-07-02 02:19:12+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxrl6ign2t 2026-07-02 08:18:37+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpnluamnha2g 2026-07-02 08:18:37+00:00| seen|...
CVE-2026-14429
creationtimestamp| type| source ---|---|--- 2026-07-02 02:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpmwpwlcgx2v 2026-07-02 08:27:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-02 15:27:48+00:00|...
next.js: Next.js: Unauthorized access to protected content via middleware bypass
A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...
PT-2026-55309
Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...
CVE-2026-14381
CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...
CVE-2026-34108
creationtimestamp| type| source ---|---|--- 2026-07-01 21:49:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpmipkig2x2e 2026-07-02 08:40:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnn3xnxqi2u...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
EUVD-2026-41145
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
GHSA-4J6X-2764-M8GH Rancher has over-inclusive team membership expansion in GitHub App authentication provider
Impact A vulnerability has been identified within Rancher Manager in the GitHub App authentication provider. When evaluating permissions, the provider incorrectly expands user team memberships to include all teams within the associated GitHub organization, rather than restricting access to the...
CVE-2026-13878
creationtimestamp| type| source ---|---|--- 2026-07-01 20:39:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmergu3q22q 2026-07-02 07:22:06+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...
CVE-2026-54672
A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...
CVE-2026-14258
creationtimestamp| type| source ---|---|--- 2026-07-01 11:43:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgtxfpjx23 2026-07-01 12:43:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplk6tti5626 2026-07-01 15:30:43+00:00| seen|...