Lucene search
K

867 matches found

OSV
OSV
added 3 days ago4 views

PYSEC-2026-494 Excessive Attack Surface in pyload-ng

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

9.8CVSS5.8AI score0.0072EPSS
Exploits1References6
Cvelist
Cvelist
added 5 days ago34 views

CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure

HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...

5.5CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
HackRead
HackRead
added 2026/06/11 2:0 p.m.11 views

Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management

Torrance, United States / California, 11th June 2026, CyberNewswire...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.6 views

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 11:45 a.m.10 views

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...

7.5CVSS5.7AI score0.00708EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:29 p.m.13 views

Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 12:0 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 11:2 p.m.7 views

GHSA-5XRH-QMMQ-W6CH Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

7.5CVSS5.7AI score0.00371EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/07 4:26 a.m.83 views

defi-exploit-pipeline

DeFi Exploit Pipeline Pipeline otomatis untuk menganalisis sm...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34277

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.6CVSS7.3AI score0.00218EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.15 views

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

5.9CVSS5.7AI score0.00519EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.15 views

Joern 4.0.551

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/27 10:59 a.m.94 views

Hunting-Bugs

2026 Practical Bug Bounty Guide Built on real-world experie...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.13 views

Joern 4.0.548

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/26 9:35 p.m.13 views

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through A...

6AI score
Exploits0
hivepro
hivepro
added 2026/05/26 10:1 a.m.11 views

CrowdStrike vs Hive Pro: VM Compared

CrowdStrike vs Hive Pro for Vulnerability Management CrowdStrike vs Hive Pro is not a simple feature checklist. It is a decision about how your security team wants to manage exposure: through an endpoint-centered platform that extends into vulnerability assessment, or through a vendor-neutral...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/26 9:13 a.m.21 views

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/23 12:16 a.m.21 views

Arcane: Missing admin authorization on global variables endpoint

Summary The PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token...

8.8CVSS6AI score0.00245EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder