Lucene search
K

464 matches found

CVE
CVE
added 2026/06/22 3:30 p.m.19 views

CVE-2026-11943

CVE-2026-11943 affects Akaunting 3.1.21 and is an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name, which can be reflected in the UI. The CVSS4 vector ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:30 p.m.7 views

EUVD-2026-38270

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:30 p.m.30 views

CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/12 2:33 p.m.99 views

sbom-risk-analyzer

SBOM-Risk-Analyzer Exploitability-weighted vulnerability pri...

5.5AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/10 8:28 p.m.13 views

Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick

US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/09 1:57 p.m.15 views

Meta’s face-recognition code raises new concerns about smart glasses

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...

5.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2026/06/08 8:57 p.m.15 views

Bill to Create Independent US Cyber Force Wants to Place It Under the US Army

It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.17 views

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.29 views

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/05/12 7:48 a.m.15 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: cerbos, crossplane, flux, apko, gomplate, grype, argocd-image-updater, kaniko, argo-workflows, argo-cd, kargo, bom, pulumi-kubernetes-operator, trivy-operator, gitea, wolfictl, syft, kubescape, grafana, gptscript, pulumi, external-secrets-operator, nfpm, kots,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/05/09 7:48 p.m.18 views

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: docker-compose, crossplane, kyverno-notation-aws, buildkitd, docker, bom, trivy-operator, kubescape, falcoctl, ko, tekton-chains, policy-controller, goreleaser, guac, trivy, ratify, docker-cli-buildx, gitsign, dagger, slsa-verifier, kyverno, skaffold, gitlab-runner,...

5.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/04/24 3:10 p.m.6 views

The Latest Push to Extend Key US Spy Powers Is Still a Mess

A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/04/13 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...

7.8CVSS6.9AI score0.00626EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.2 views

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.6 views

Architectural Implications of the UK Cyber Security and Resilience Bill

The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/03/31 7:48 a.m.11 views

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: cerbos, crossplane, flux, apko, gomplate, grype, argocd-image-updater, kaniko, argo-workflows, argo-cd, kargo, bom, pulumi-kubernetes-operator, trivy-operator, gitea, wolfictl, syft, kubescape, grafana, gptscript, pulumi, external-secrets-operator, nfpm, kots, trivy,...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 12:45 p.m.113 views

sboms

No d...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 12:45 p.m.111 views

spdx-sboms

No d...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 8:3 p.m.3 views

CVE-2026-33481

A flaw was found in Syft, a tool for generating Software Bill of Materials SBOM. When Syft scans large or highly compressed archives, it unpacks them into temporary storage. If this process exhausts the temporary storage, Syft fails to properly clean up these files. This can lead to the temporary...

5.3CVSS5.7AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
Rows per page
Query Builder