Lucene search
K

30291 matches found

Malwarebytes
Malwarebytes
added 2026/07/02 4:5 p.m.26 views

Fake Google and Cloudflare verification pages spread multiple malware families

Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:28 p.m.8 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/07/02 12:28 p.m.35 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
CVE
CVE
added 2026/07/02 12:28 p.m.17 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
Circl
Circl
added 2026/07/02 7:32 a.m.8 views

CVE-2026-58521

creationtimestamp| type| source ---|---|--- 2026-07-02 07:32:27+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnjbpfbp42u...

9.8CVSS5.8AI score0.00283EPSS
Exploits0References1
Circl
Circl
added 2026/07/02 7:1 a.m.7 views

CVE-2026-20213

creationtimestamp| type| source ---|---|--- 2026-07-02 07:01:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnhkpqzvl2d 2026-07-02 09:45:16+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen|...

7.5CVSS7.1AI score0.00463EPSS
Exploits0References7
Circl
Circl
added 2026/07/02 4:53 a.m.7 views

CVE-2026-57267

creationtimestamp| type| source ---|---|--- 2026-07-02 04:53:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnagdaerv2v 2026-07-02 18:26:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mponsh6i2e2r...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References2
Circl
Circl
added 2026/07/02 2:19 a.m.7 views

CVE-2026-24242

creationtimestamp| type| source ---|---|--- 2026-07-02 02:19:12+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxrl6ign2t 2026-07-02 08:18:37+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpnluamnha2g 2026-07-02 08:18:37+00:00| seen|...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References3
Circl
Circl
added 2026/07/02 2:0 a.m.8 views

CVE-2026-14429

creationtimestamp| type| source ---|---|--- 2026-07-02 02:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpmwpwlcgx2v 2026-07-02 08:27:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-02 15:27:48+00:00|...

8.3CVSS5.9AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.9AI score0.01416EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55309

Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 10:21 p.m.16 views

CVE-2026-14381

CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2026/07/01 9:49 p.m.8 views

CVE-2026-34108

creationtimestamp| type| source ---|---|--- 2026-07-01 21:49:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpmipkig2x2e 2026-07-02 08:40:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnn3xnxqi2u...

9.8CVSS5.8AI score0.00549EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.6 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 9:3 p.m.8 views

EUVD-2026-41145

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:0 p.m.6 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/07/01 8:51 p.m.2 views

GHSA-4J6X-2764-M8GH Rancher has over-inclusive team membership expansion in GitHub App authentication provider

Impact A vulnerability has been identified within Rancher Manager in the GitHub App authentication provider. When evaluating permissions, the provider incorrectly expands user team memberships to include all teams within the associated GitHub organization, rather than restricting access to the...

8.8CVSS5.7AI score0.0037EPSS
Exploits0References7
Circl
Circl
added 2026/07/01 8:39 p.m.9 views

CVE-2026-13878

creationtimestamp| type| source ---|---|--- 2026-07-01 20:39:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmergu3q22q 2026-07-02 07:22:06+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...

9.6CVSS5.8AI score0.0028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 1:29 p.m.8 views

CVE-2026-54672

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References5
Circl
Circl
added 2026/07/01 11:43 a.m.11 views

CVE-2026-14258

creationtimestamp| type| source ---|---|--- 2026-07-01 11:43:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgtxfpjx23 2026-07-01 12:43:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplk6tti5626 2026-07-01 15:30:43+00:00| seen|...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References10
Rows per page
Query Builder