Lucene search
+L

129526 matches found

nvd
nvd
added 1 hour ago5 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
cve
cve
added 2 hours ago77 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References4
cvelist
cvelist
added 2 hours ago5 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
attackerkb
attackerkb
added 2 hours ago2 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References5Affected Software1
redhat
redhat
added 3 hours ago4 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

9.8CVSS6.2AI score0.00561EPSS
Exploits0References5
securelist
securelist
added 4 hours ago4 views

HelloNet campaign — new malicious modules launched through the ViPNet update system

UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...

6.4AI score
Exploits0
osv
osv
added 5 hours ago2 views

RLSA-2026:40841 Important: maven:3.8 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Travers...

8.3CVSS6.1AI score0.00663EPSS
Exploits0References2
rocky
rocky
added 5 hours ago4 views

maven:3.8 security update

An update is available for module.maven, module.apache-commons-lang3, apache-commons-io, slf4j, apache-commons-codec, jsr-305, module.cdi-api, plexus-containers, guava, httpcomponents-client, cdi-api, module.sisu, module.plexus-classworlds, plexus-interpolation, module.httpcomponents-core,...

8.8CVSS6.1AI score0.00663EPSS
Exploits0
redhatcve
redhatcve
added 6 hours ago2 views

CVE-2026-60082

A flaw was found in perl-DBI, a database interface for Perl. This vulnerability arises when the DBI library processes inconsistent data, specifically when a statement handle lacks fields but is associated with a non-empty data row. This inconsistency can cause the internal row-buffer to attempt...

9.1CVSS6AI score0.00209EPSS
Exploits0References6
thn
thn
added 6 hours ago4 views

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub thread, and a fake comment can make it run a stranger's command on your computer. Neither trick hijacks the...

9.3CVSS6.1AI score0.05776EPSS
Exploits1
thn
thn
added 6 hours ago7 views

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin "srt64.sys", as the kernel-mode rootkit is referred to, was first documented by...

6.2AI score
Exploits0
githubexploit
githubexploit
added 6 hours ago16 views

Exploit for SQL Injection in Apache Fineract

🛡️ CVE-2026-57821 – Apache Fineract SQL Injection ⚠️ LEG...

8.1CVSS6.4AI score0.00286EPSS
Exploits1
redhat
redhat
added 6 hours ago6 views

Important: Red Hat Security Advisory: maven:3.8 security update

An update for the maven:3.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References2
redhat
redhat
added 6 hours ago5 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.2AI score0.00663EPSS
Exploits0References9
redhatcve
redhatcve
added 7 hours ago4 views

CVE-2026-15392

A flaw was found in DBD::File. The completetablename method, responsible for building absolute table file paths, does not verify if the file is a symbolic link. This oversight allows a local attacker to create a symbolic link within the data directory that points to an arbitrary file outside of t...

7.7CVSS6.1AI score0.00205EPSS
Exploits0References6
nuclei
nuclei
added 8 hours ago3 views

WP Go Maps < 10.0.10 - Unauthenticated Marker Information Disclosure

WP Go Maps WordPress plugin 10.0.10 contains an information disclosure vulnerability caused by lack of approval-state filtering on the public single-marker REST endpoint, letting unauthenticated users access unapproved marker records including PII and geographic coordinates, exploit requires no...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References2
nuclei
nuclei
added 8 hours ago126 views

BigAnt Server 5.6.06 - Improper Access Control

BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-23348 info: name: BigAn...

5.3CVSS6.3AI score0.02899EPSS
Exploits1References5
nuclei
nuclei
added 8 hours ago81 views

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

9.8CVSS7.2AI score0.09519EPSS
Exploits2References5
nuclei
nuclei
added 8 hours ago76 views

Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control

Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...

7.5CVSS7AI score0.03026EPSS
Exploits1References5
nuclei
nuclei
added 8 hours ago85 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02998EPSS
Exploits1References5
Rows per page
Query Builder