CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wallarm Lab•added 1 hour ago•1 views

Introducing the Wallarm AI Control Platform: One closed loop for AI security and API security.

TL;DR - AI deployment has outpaced AI governance. Most enterprises running AI on AWS cannot answer four basic security questions about what's running, what it's doing,how to stop it, and how to prove it's under control. - The Wallarm AI Control Platform closes this gap: one platform for Discover,...

HackRead•added 2 hours ago•2 views

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk...

The Hacker News•added 2 hours ago•5 views

China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known...

5.9AI score

Talos Blog•added 2 hours ago•2 views

Winning the cyber marathon with Tony Giandomenico

In the high-speed world of cybersecurity, the difference between a breach and a breakthrough often comes down to endurance. Tony Giandomenico, Senior Director of Product Management with Cisco Talos, joins me to discuss how he balances the intensity of leading major product launches with the...

5.7AI score

Talos Blog•added 2 hours ago•1 views

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

By Ron Scott-Adams Most security tools operate on a simple principle: If a known-bad pattern appears, fire an alert. This works well enough for many threats, but it fails against adversaries who closely study detection thresholds and deliberately stay under them. Cisco Talos Threat Hunting operat...

5.7AI score

The Hacker News•added 3 hours ago•3 views

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

6.1AI score

RedhatCVE•added 4 hours ago•6 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.00018EPSS

Exploits1References1

The Hacker News•added 4 hours ago•7 views

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System TDS and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are...

The Hacker News•added 5 hours ago•4 views

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...

NVD•added 5 hours ago•3 views

CVE-2026-50207

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS

NVD•added 5 hours ago•2 views

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS

Cvelist•added 6 hours ago•6 views

CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability

7.2CVSS

CVE•added 6 hours ago•10 views

CVE-2026-3820

The CVE-2026-3820 entry pertains to Supermicro BMC’s SMTP service on the AS-2115HS-TNR. The vulnerability allows an attacker to obtain administrator privileges by injecting specially crafted characters into the SMTP service configuration, which can lead to command execution when the process is in...

ATTACKERKB•added 6 hours ago•4 views

CVE-2026-3820

Exploits0References2Affected Software1

EUVD•added 6 hours ago•3 views

EUVD-2026-34226

Vulnrichment•added 6 hours ago•3 views

CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability

IBM Security Bulletins•added 6 hours ago•1 views

Security Bulletin: A vulnerability has been identified in the Netty framework used by IBM DevOps Plan (CVE-2025-58057)

Summary A vulnerability has been identified in the Netty framework used by IBM DevOps Plan. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

7.5CVSS5.7AI score0.00063EPSS

Exploits1Affected Software1

EUVD•added 7 hours ago•2 views

EUVD-2026-34219

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.8AI score