
33 matches found

The Hacker News
added 2026/06/24 5:19 p.m. · 15 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question...

9.8 CVSS · 7.5 AI score · 0.01131 EPSS
Exploits: 1
Circl
added 2026/05/14 10:0 a.m. · 6 views

CVE-2025-38708

creationtimestamp | type | source
---|---|---
2026-05-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

7.8 CVSS · 7.2 AI score · 0.00157 EPSS
Exploits: 0 · References: 1
CISA
added 2026/03/18 12:0 p.m. · 13 views

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.1 To defend against similar malicious cyber...

5.9 AI score
Exploits: 0 · References: 10
Information Security Automation
added 2026/03/02 10:4 p.m. · 9 views

About Remote Code Execution – Microsoft Word (CVE-2026-21514) vulnerability

About Remote Code Execution - Microsoft Word (CVE-2026-21514) vulnerability. This vulnerability is from February Microsoft Patch Tuesday. Reliance on Untrusted Inputs in a Security Decision (CWE-807) in Microsoft Office Word allows an unauthenticated attacker to bypass OLE security features when...

7.8 CVSS · 6.2 AI score · 0.01517 EPSS
Exploits: 0
GithubExploit
added 2026/02/26 4:57 p.m. · 167 views

Exploit for Deserialization of Untrusted Data in Facebook React

VPS Continuous Scanner: A lightweight orchestrator and worker...

10 CVSS · 7.8 AI score · 0.99562 EPSS
Exploits: 372
Circl
added 2025/08/14 10:0 a.m. · 3 views

CVE-2024-26736

creationtimestamp | type | source
---|---|---
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-15...

7.8 CVSS · 7.3 AI score · 0.00263 EPSS
Exploits: 0 · References: 1
HackRead
added 2025/07/23 6:15 p.m. · 4 views

FBI and CISA Warn of Interlock Ransomware Targeting Critical Infrastructure

FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion...

7.3 AI score
Exploits: 0
CISA
added 2025/07/02 12:0 p.m. · 3 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6554: Google Chromium V8 Type Confusion Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

8.1 CVSS · 7.3 AI score · 0.06564 EPSS
In wild · Exploits: 5 · References: 6
HackRead
added 2025/05/13 8:35 p.m. · 6 views

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…...

7.2 AI score
Exploits: 0
Positive Technologies
added 2025/04/29 12:0 a.m. · 5 views

PT-2025-18218 · Undefined · Undefined

🛡️ ALERT: CISA Adds Broadcom & Commvault Vulnerabilities to KEV Database These flaws are actively exploited in the wild. If you're running affected products, patch ASAP. 📌 Broadcom ID: CVE-2023-12345 📌 Commvault ID: CVE-2024-67890 📆 Mitigation deadline: Insert date if known https://t.co/dtEaewjtfL...

6.6 AI score
Exploits: 3 · References: 1
The Hacker News
added 2025/02/07 12:52 p.m. · 27 views

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of...

8.6 CVSS · 9.1 AI score · 0.27426 EPSS
Exploits: 0
The Hacker News
added 2025/01/31 1:10 p.m. · 24 views

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVS...

9.3 CVSS · 7.7 AI score · 0.01276 EPSS
Exploits: 0
Positive Technologies
added 2025/01/15 12:0 a.m. · 5 views

PT-2025-1273

Name of the Vulnerable Software and Affected Versions: SimpleHelp versions 5.5.7 and earlier. Description: SimpleHelp remote support software is affected by multiple path traversal vulnerabilities. These flaws allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp hos...

9.1 CVSS · 9.6 AI score · 0.95151 EPSS
Exploits: 2 · References: 156
CISA
added 2024/09/17 12:0 p.m. · 4 views

CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors...

5.9 AI score
Exploits: 0 · References: 4
GithubExploit
added 2024/03/30 9:56 p.m. · 350 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 Detection and Remediation Script. This script is...

10 CVSS · 9.9 AI score · 0.85974 EPSS
Exploits: 40
CISA
added 2023/12/15 12:0 p.m. · 7 views

CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing...

7.3 AI score
Exploits: 0 · References: 2
RedHat Linux
added 2023/12/04 6:0 p.m. · 8 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits: 19 · References: 10
RedHat Linux
added 2023/10/18 10:55 p.m. · 5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits: 19 · References: 9
RedHat Linux
added 2023/10/16 9:9 a.m. · 9 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits: 19 · References: 10
RedHat Linux
added 2023/10/16 9:0 a.m. · 8 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits: 19 · References: 10