Lucene search
K

372 matches found

RedhatCVE
RedhatCVE
added 2026/02/14 1:28 a.m.8 views

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

2CVSS5.6AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/13 12:21 a.m.35 views

CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

2CVSS0.00342EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.7 views

Nikto Web Scanner 2.6.0

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including thousands of potentially dangerous files/programs, checks for outdated versions of over 1500 server components, and version specific problems on hundreds of servers...

5.6AI score
Exploits0
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

NETGEAR’s various products have security vulnerabilities

NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...

7.7CVSS6.1AI score0.00274EPSS
Exploits1References2
hivepro
hivepro
added 2026/01/12 12:58 p.m.9 views

Firefox Security Vulnerabilities: An Expert Guide

For any vulnerability management team, the daily flood of alerts can be overwhelming. When your scanner flags dozens of new CVEs, it’s easy to see browser-related issues as lower priority. Yet, a critical flaw in a widely used application like Firefox can be the initial foothold an attacker needs...

10CVSS7.2AI score0.01894EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/12/15 11:55 a.m.13 views

A Browser Extension Risk Guide After the ShadyPanda Campaign

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/04 12:42 p.m.7 views

Update Chrome now: Google fixes 13 security issues affecting billions

Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can pro...

8.8CVSS6.9AI score0.00393EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/03 4:27 p.m.16 views

Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...

9.8CVSS8.1AI score0.00639EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/12 5:7 p.m.6 views

CVE-2025-12940

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...

5.5CVSS6.9AI score0.00243EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/10/16 12:0 a.m.4 views

Clam AntiVirus Toolkit 1.5.1

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs ar...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6070

Malware in sbrugna...

7.5CVSS7.5AI score0.02347EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-25583

Malware in sbrugna...

7.6CVSS6AI score0.01615EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-2059

Malware in sbrugna...

9CVSS8.2AI score0.01324EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7298

Malware in sbrugna...

5.8CVSS6.8AI score0.01718EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-26880

Malicious code in bioql PyPI...

7.2CVSS7.2AI score0.03695EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43319

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2025/10/03 8:3 p.m.5 views

CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...

2.3CVSS6.8AI score0.00396EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/09/16 7:48 p.m.7 views

Update your Apple devices to fix dozens of vulnerabilities

Apple has released security updates for iPhones, iPads, Apple Watches, Apple TVs, and Macs as well as for Safari, and Xcode to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data. How to update your devices How to update your iPhone or iPad For iOS and iPadOS...

6.5CVSS6AI score0.00441EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/21 12:4 p.m.7 views

All Apple users should update after company patches zero-day vulnerability in all platforms

Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability a vulnerability which Apple was previously unaware of that is reportedly being used in targeted attacks. The updates cover: iOS 18.6.2 and iPadOS 18.6.2 iPhone XS and later, iPad Pro 13-inch, iPad Pro...

8.8CVSS7.1AI score0.19972EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.5 views

Fedora 43 : micropython (2025-4f95f160be)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4f95f160be advisory. Automatic update for micropython-1.25.0-1.fc43. Changelog Fri May 9 2025 Charalampos Stratakis - 1.25.0-1 - Update to 1.25.0 - Security fixes for...

7.5CVSS7.4AI score0.00685EPSS
Exploits2References3
Rows per page
Query Builder