Lucene search
+L

12699 matches found

Cvelist
Cvelist
added 2026/07/09 2:15 p.m.42 views

CVE-2026-54800

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized...

6.3CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:15 p.m.11 views

CVE-2026-54800

CVE-2026-54800 affects CPCI85 Central Processing/Communication and SICORE Base system (all versions < V26.20 /

6.3CVSS5.9AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 2:15 p.m.36 views

CVE-2026-54799

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 2:15 p.m.8 views

EUVD-2026-42594

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
OSV
OSV
added 2026/07/09 12:52 p.m.4 views

OESA-2026-2929 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently...

9.8CVSS6.1AI score0.00742EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 11:20 a.m.16 views

Malicious code in testing-d3do (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c008bcf9a72a02f11c556396a39d6de999bfad0cfa389ddac01929d19bb34d8 On npm install, this package's postinstall script collects host identifiers os.hostname, os.userInfo, current working directory, and external IPv4...

5.9AI score
Exploits0References1
NVD
NVD
added 2026/07/08 11:16 p.m.6 views

CVE-2026-15121

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00306EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 10:7 p.m.8 views

CVE-2026-54779 CoreWCF: SAML token replay protection is inoperative

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...

5.9CVSS6.1AI score0.00268EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/08 10:1 p.m.37 views

CVE-2026-54777 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...

6.5CVSS0.00088EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 12:55 a.m.25 views

Malicious code in proton_pfff (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5acb95a7594a27e0298f3994338f43788dc9e4f46d5c467c54432fd020f48af4 Source: ossf-package-analysis 0aa190f5fe08b29ab6f7230c099bdc2a201b7d5212f434f9e44b2be1feba5de1 The OpenSSF Package Analysis project identified...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 12:20 a.m.17 views

Malicious code in rio-design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56230

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check allows unauthorized users to access datasets within the com privacy webservice endpoints. Recommendations At the moment, there is no information about a newer...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.8 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25786)

Affected devices do not properly validate and sanitize PLC/station name rendered on the 'communication' parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

9.3CVSS7AI score0.0037EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/05 8:25 p.m.13 views

Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/05 3:29 p.m.20 views

Malicious code in wsh4-nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f4958e0d564fad3efe079f48b02579eb052190951bc2ce2bf3d8bc067575c36 package.json declares scripts.postinstall = 'node index.js'. On install, index.js unconditionally POSTs installer-identifying data — the absolute...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/05 3:16 p.m.15 views

Malicious code in @adobesign/as-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6752e4d30c584cb5ca6f67265c983257c1531aa306b47ec00b43ddae83fe2532 The package's package.json declares a postinstall lifecycle hook that pipes the output of whoami through curl to a hardcoded Burp Collaborator...

5.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/05 1:58 a.m.6 views

SUSE CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00183EPSS
Exploits0References4
CVE
CVE
added 2026/07/04 11:53 a.m.43 views

CVE-2026-53360

The CVE-2026-53360 entry concerns a Linux kernel KVM/SEV issue: if GHCB v2+ is used, in-GHCB scratch area must reside in the shared buffer. The root cause is a bounds check flaw in snp_begin_psc() where idx_end is validated against VMGEXIT_PSC_MAX_COUNT (253) but not against the actual buffer siz...

8.8CVSS6AI score0.00183EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/04 11:53 a.m.11 views

EUVD-2026-41667

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00183EPSS
Exploits0References4
Rows per page
Query Builder