Lucene search
K

6901 matches found

EUVD
EUVD
added 2026/06/04 7:4 a.m.10 views

EUVD-2026-34219

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/03 2:56 p.m.12 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

7.7CVSS5.8AI score0.00249EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...

8.6CVSS5.9AI score0.38696EPSS
Exploits9References2
Fedora
Fedora
added 2026/06/02 1:11 a.m.16 views

[SECURITY] Fedora 43 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc43

The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication checking the user is who they claim to be, and authorization allowing the user to do what the system authorizes them to do...

5.1CVSS5.8AI score0.00196EPSS
Exploits0
Fedora
Fedora
added 2026/06/02 12:54 a.m.15 views

[SECURITY] Fedora 44 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc44

The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication checking the user is who they claim to be, and authorization allowing the user to do what the system authorizes them to do...

5.1CVSS5.8AI score0.00196EPSS
Exploits0
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33801

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46629

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update to version...

9.6CVSS6.4AI score0.00493EPSS
Exploits0References437
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Isolated Web Apps component. This vulnerability could allow remote attackers to execute arbitrary code in...

8.8CVSS6AI score0.00386EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 10:16 p.m.12 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00067EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00067EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.28 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00067EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2026-0089

The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden24 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview ishowfeet5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview nottuff18 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview nottuff21 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.19 views

Malicious Package

Overview speed5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview ishowfeet8 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder