Github Security Blog
added 16 minutes ago, 1 view

Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect

Summary: The Kerberos Hub upload path sends the agent's Hub credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the operator-configured Hub URL (config.HubURI). The HTTP client used (&http.Client in UploadKerberosHub) is constructed without a CheckRedire...

Exploits: 0, References: 3, Affected Software: 1

NVD
added 32 minutes ago, 2 views

CVE-2026-54886

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When...

5.3 CVSS
Exploits: 0, References: 5

NVD
added 32 minutes ago, 2 views

CVE-2026-55950

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP...

8.7 CVSS
Exploits: 0, References: 5

GithubExploit
added 1 hour ago, 7 views

Exploit for Improper Verification of Cryptographic Signature in Simple-Help Simplehelp

CVE-2026-48558: SimpleHelp OIDC Authentication Bypass !WAR...

10 CVSS, 6.8 AI score, 0.0116 EPSS
Exploits: 1

Cvelist
added 1 hour ago, 4 views

CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP...

8.7 CVSS
Exploits: 0, References: 5

CVE
added 1 hour ago, 4 views

CVE-2026-55950

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP...

8.7 CVSS, 5.8 AI score
Exploits: 0, References: 5

ATTACKERKB
added 1 hour ago, 1 view

CVE-2026-55950

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP...

8.7 CVSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 1 hour ago, 4 views

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When...

5.3 CVSS
Exploits: 0, References: 5

CVE
added 1 hour ago, 4 views

CVE-2026-54886

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When...

5.3 CVSS, 6 AI score
Exploits: 0, References: 5

ATTACKERKB
added 1 hour ago, 2 views

CVE-2026-54886

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When...

5.3 CVSS
Exploits: 0, References: 6, Affected Software: 1

Microsoft Secure
added 1 hour ago, 3 views

Improving security posture across the Microsoft partner ecosystem

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

5.8 AI score
Exploits: 0

EUVD
added 2 hours ago, 2 views

EUVD-2026-41394

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

EUVD
added 2 hours ago, 2 views

EUVD-2026-41380

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

Github Security Blog
added 2 hours ago, 2 views

mcp-memory-service: Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete

Summary: All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key (MCP_API_KEY) or OAuth. An...

Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2 hours ago, 5 views

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak check...

7.8 CVSS, 7.8 AI score, 0.06749 EPSS
Exploits: 3

NVD
added 2 hours ago, 6 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

7.5 CVSS
Exploits: 0, References: 1

NVD
added 2 hours ago, 5 views

CVE-2026-54405

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application...

7.5 CVSS
Exploits: 0, References: 1

Vulnrichment
added 2 hours ago, 2 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added 2 hours ago, 3 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

7.5 CVSS
Exploits: 0, References: 1

CVE
added 2 hours ago, 6 views

CVE-2026-55113

CVE-2026-55113 involves a Server-Side Request Forgery (SSRF) in the UniFi Talk Application that can allow a remote attacker with network access to cause a Denial of Service and bypass authentication on certain UniFi Talk API endpoints. The vulnerability affects the UniFi Talk platform’s API surfa...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1