Lucene search
K

29 matches found

Github Security Blog
Github Security Blog
added 2026/04/10 3:34 p.m.6 views

Vikunja has Algorithmic Complexity DoS in Repeating Task Handler

Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...

6.5CVSS5.8AI score0.00347EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31950

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: Vikunja, a self-hosted task management platform, contains an issue where the addRepeatIntervalToTime function uses an inefficient loop. An attacker can create a repeating task with a 1-second...

6.5CVSS5.9AI score0.00347EPSS
Exploits1References9
Wired Threat Level
Wired Threat Level
added 2026/02/27 10:0 a.m.4 views

Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses

A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars...

6AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/02/18 5:22 p.m.8 views

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited...

5.6AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/02/11 4:32 p.m.6 views

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet...

5.5AI score
Exploits0
HackRead
HackRead
added 2026/01/29 3:0 p.m.6 views

This startup aims to solve crypto’s broken key management problem

Crypto security firm Sodot launches Exchange API Vault to stop API key theft, securing billions in assets while supporting low latency, high frequency trading...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/15 3:39 p.m.13 views

Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)

This week on the Lock and Code podcast … This is the story of the world's worst scam and how it is being used to fuel entire underground economies that have the power to rival nation-states across the globe. This is the story of "pig butchering." "Pig butchering" is a violent term that is used to...

7.1AI score
Exploits0
HackRead
HackRead
added 2025/12/04 1:16 p.m.5 views

WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now

Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/31 11:33 a.m.9 views

Update Chrome now: 20 security fixes just landed

Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome and other Chromium-based browsers that runs JavaScript. Chrome is by far the world’s most...

8.8CVSS8.5AI score0.06806EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2025/10/24 1:35 p.m.6 views

Is AI moving faster than its safety net?

You’ve probably noticed that artificial intelligence, or AI, has been everywhere lately—news, phones, apps, even in your browser. It seems like everything suddenly wants to be “powered by AI.“ If it’s not, it’s considered old school and boring. It’s easy to get swept up in the promise: smarter...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/17 1:45 p.m.8 views

224 malicious apps removed from the Google Play Store after ad fraud campaign discovered

Researchers have discovered a large ad fraud campaign on Google Play Store. The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign "SlopAds." Ad fraud is a...

6.7AI score
Exploits0
HackRead
HackRead
added 2025/08/25 2:7 p.m.5 views

National Public Data Relaunches Despite 2.9 Billion SSNs Breach

It is business as usual at National Public Data NPD despite the breach that exposed 3 billion Social Security numbers and the subsequent leak...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/08/19 2:11 p.m.8 views

493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds

Scam compounds in Cambodia, Myanmar, and Laos have conned people out of billions. New research shows they may be linked to child sextortion crimes too...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/09/30 10:0 a.m.7 views

The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.6 views

PT-2024-12094 · Xiaomi · Xiaomi File Manager

Name of the Vulnerable Software and Affected Versions: Xiaomi File Manager affected versions not specified Description: A path traversal vulnerability exists in the Xiaomi File Manager application, caused by unfiltered special characters. This allows attackers to overwrite and execute code in...

9.8CVSS7.8AI score0.00518EPSS
Exploits0References8
HackRead
HackRead
added 2023/10/24 6:44 p.m.23 views

Social Login Flaws in Popular Websites Risked Billions of User Accounts

By Deeba Ahmed The critical API security flaws in the social sign-in and OAuth Open Authentication implementations affected high-profile companies like… This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/05/03 12:0 p.m.19 views

Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts

The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/03 10:18 a.m.3 views

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017 , concerns an out-of-bounds write, while the other,...

7.8CVSS6.8AI score0.05552EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/23 12:32 p.m.3 views

The Secret Vulnerability Finance Execs are Missing

The Other Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd...

6.8AI score
Exploits0
NVD
NVD
added 2022/08/03 6:15 a.m.24 views

CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

7.5CVSS0.19193EPSS
Exploits2References6
Rows per page
Query Builder