Lucene search
K

1041640 matches found

The Hacker News
The Hacker News
added 1 hour ago6 views

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025...

6AI score
Exploits0
PyPA
PyPA
added 4 hours ago4 views

Plaintext storage of tokens in pulp_ansible

The collection remote for pulpansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...

5.5CVSS6.1AI score0.00276EPSS
Exploits1References7Affected Software1
Malwarebytes
Malwarebytes
added 5 hours ago2 views

Scammers are using AI to sell impossible flowers

We've had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds,...

5.9AI score
Exploits0
NVD
NVD
added 10 hours ago7 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS
Exploits0References4
NVD
NVD
added 10 hours ago5 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS
Exploits0References4
NVD
NVD
added 10 hours ago5 views

CVE-2026-34170

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS
Exploits0References1
NVD
NVD
added 10 hours ago6 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS
Exploits0References3
OSV
OSV
added 10 hours ago4 views

ROOT-APP-NPM-CVE-2026-48815 CVE-2026-48815 in @rootio/sigstore - Patched by Root

Root has patched CVE-2026-48815 in the @rootio/sigstore package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added 10 hours ago14 views

ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00214EPSS
Exploits0
OSV
OSV
added 10 hours ago4 views

ROOT-APP-PYPI-GHSA-F4XH-W4CJ-QXQ8 GHSA-f4xh-w4cj-qxq8 in rootio-langsmith - Patched by Root

Root has patched GHSA-f4xh-w4cj-qxq8 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 10 hours ago15 views

ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

7.1CVSS5.8AI score0.00199EPSS
Exploits0
OSV
OSV
added 10 hours ago5 views

ROOT-APP-PYPI-GHSA-RR7J-V2Q5-CHGV GHSA-rr7j-v2q5-chgv in rootio-langsmith - Patched by Root

Root has patched GHSA-rr7j-v2q5-chgv in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.3AI score
Exploits0
OSV
OSV
added 10 hours ago15 views

ROOT-APP-PYPI-CVE-2026-25528 CVE-2026-25528 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-25528 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.8CVSS5.3AI score0.00282EPSS
Exploits0
OSV
OSV
added 11 hours ago5 views

ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00617EPSS
Exploits1
OSV
OSV
added 11 hours ago6 views

ROOT-APP-MAVEN-CVE-2026-54513 CVE-2026-54513 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54513 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00677EPSS
Exploits0
OSV
OSV
added 11 hours ago3 views

ROOT-APP-PYPI-CVE-2026-48809 CVE-2026-48809 in rootio-python-engineio - Patched by Root

Root has patched CVE-2026-48809 in the rootio-python-engineio package for Root:PyPI. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added 11 hours ago3 views

ROOT-APP-PYPI-CVE-2026-48802 CVE-2026-48802 in rootio-python-engineio - Patched by Root

Root has patched CVE-2026-48802 in the rootio-python-engineio package for Root:PyPI. Multiple fixed versions available...

5.9AI score
Exploits0
Cvelist
Cvelist
added 11 hours ago7 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS
Exploits0References1
CVE
CVE
added 11 hours ago11 views

CVE-2026-34170

CVE-2026-34170 affects Coolify before 4.0.0-beta.471, where the GithubApp api_url field is used as the base URL for server-side HTTP requests without proper allowlisting or private IP blocking. An authenticated user can configure a GitHub App source that makes Coolify issue requests to internal s...

4.3CVSS6AI score
Exploits0References1
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-41997

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS6AI score
Exploits0References1
Rows per page
Query Builder