Lucene search
K

690 matches found

Circl
Circl
added 2026/07/02 1:7 a.m.8 views

CVE-2026-13786

creationtimestamp| type| source ---|---|--- 2026-07-02 01:07:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmtqn6fd32i 2026-07-02 07:18:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 06:54:04+00:00| seen|...

8.8CVSS5.9AI score0.00379EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 1:37 p.m.13 views

CVE-2026-45582 n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 6:10 a.m.10 views

BELL-CVE-2026-45924

Bulletin has no description...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/05/10 8:17 p.m.5 views

MINI-CG5V-RM8J-985J

Bulletin has no description...

6.1CVSS5.7AI score0.00371EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/06 4:17 p.m.8 views

Google Chrome’s silent 4GB AI download problem [updated]

Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...

5.7AI score
Exploits0
OpenVAS
OpenVAS
added 2026/04/13 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2026:20997-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References4
Fedora
Fedora
added 2026/03/31 1:9 a.m.6 views

[SECURITY] Fedora 42 Update: stgit-2.5.5-5.fc42

Stacked Git, StGit for short, is an application for managing Git commits as a stack of patches. With a patch stack workflow, multiple patches can be developed concurrently a nd efficiently, with each patch focused on a single concern, resulting in both a clean Git commit history and improved...

6.5CVSS5.8AI score0.00379EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25749

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...

5.8CVSS5.8AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/05 8:25 p.m.5 views

CVE-2026-26999

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security TLS record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...

7.5CVSS5.7AI score0.00539EPSS
Exploits0References6
OSV
OSV
added 2026/02/13 8:55 p.m.3 views

GHSA-C7PH-F7JM-XV4W rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

6.3CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/13 8:55 p.m.11 views

rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

5.5AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/12 6:14 p.m.5 views

CVE-2025-41117

A cross site scripting flaw has been discovered in Grafana's Explore Traces view. This view can be rendered as raw HTML and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API...

6.8CVSS5AI score0.0026EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 5:1 a.m.4 views

Malicious Package

Overview baileys-ud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 8:10 a.m.3 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

4.3CVSS5.5AI score0.0026EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/17 3:31 p.m.166 views

ai_bouncer

AiBouncer AI-powered HTTP request classification for Ruby on...

7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.9 views

PT-2026-3252

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...

6.5CVSS5.9AI score0.00352EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/06 2:34 a.m.5 views

EUVD-2026-1134

Malicious code in eslint-supertest npm...

6.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.4 views

CVE-2025-66384

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...

8.2CVSS6.9AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 9:21 a.m.5 views

MAL-2025-191462 Malicious code in react-svgs-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 081ba740ebfdae5dfc4f53bf53b7658227f6fc78a9c8866727d95d2467991f3e The package react-svgs-helper was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
EUVD
EUVD
added 2025/11/21 6:47 p.m.6 views

EUVD-2025-198319

hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...

9.1CVSS6.3AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder