Lucene search
K

192400 matches found

Krebs on Security
Krebs on Security
added 2026/03/11 4:20 p.m.9 views

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker , a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:17 p.m.6 views

CVE-2026-3429

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

4.2CVSS5.8AI score0.00251EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 3:2 p.m.9 views

CVE-2026-3946

CVE-2026-3946 affects PHPEMS 11.0. The vulnerability is in an unknown function of the file /index.php?ask=app-ask, where manipulation of the askcontent argument yields cross-site scripting. This can be exploited remotely; the exploit is public. The provided data does not specify a fixed version, ...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/11 2:56 p.m.6 views

CraftCMS has an RCE vulnerability via relational conditionals in the control panel

A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/11 2:16 p.m.5 views

CVE-2026-32059

OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...

8.8CVSS5.9AI score0.00495EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/11 1:32 p.m.33 views

CVE-2026-32062 OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream

OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold...

8.7CVSS0.00426EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/11 1:19 p.m.5 views

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

6.1CVSS5.8AI score0.00082EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 1:16 p.m.5 views

CVE-2026-3943

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS0.40802EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/11 12:32 p.m.91 views

CVE-2026-3943 H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS0.40802EPSS
Exploits0References4
HackRead
HackRead
added 2026/03/11 12:14 p.m.7 views

BlackSanta Malware Targets HR Staff with Fake CV Downloads

Aryaka researchers have identified a new threat from a Russian-speaking group using 'BlackSanta' malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/11 9:25 a.m.14 views

CVE-2026-1993

CVE-2026-1993 describes an vulnerability in the ExactMetrics – Google Analytics Dashboard for WordPress plugin. Affected versions 7.1.0 through 9.0.2 suffer from Improper Privilege Management: the update_settings() function accepts arbitrary plugin setting names without a whitelist of allowed nam...

8.8CVSS5.9AI score0.0038EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/03/11 7:31 a.m.6 views

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then use...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2025-15603

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

6.3CVSS5.3AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.4 views

CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 4:25 a.m.3 views

CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

7.5CVSS5.8AI score0.02289EPSS
Exploits1References4
NVD
NVD
added 2026/03/11 4:17 a.m.5 views

CVE-2026-23817

A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL...

6.5CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 2:19 a.m.17 views

CVE-2026-21297

CVE-2026-21297 affects Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier and is an Incorrect Authorization vulnerability that could bypass security features. A low-privileged attacker may gain limited unauthorized access to a feature, ...

4.3CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/11 12:31 a.m.7 views

EUVD-2025-208555

Exposure of resource to wrong sphere in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS5.7AI score0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 12:31 a.m.8 views

EUVD-2025-208542

Improper buffer restrictions in some UEFI firmware for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access whe...

5.6CVSS5.9AI score0.00095EPSS
Exploits0References2
Redos
Redos
added 2026/03/11 12:0 a.m.8 views

ROS-20260311-73-0010

A vulnerability in the application programming interface of the Grafana monitoring and surveillance platform involves insecure privilege management. Exploitation of the vulnerability could allow a remote attacker to escalate privileges and gain unauthorized access to protected information...

8.1CVSS5.8AI score0.00647EPSS
Exploits1
Rows per page
Query Builder