Lucene search
K

17380 matches found

Krebs on Security
Krebs on Security
added yesterday4 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
Circl
Circl
added last week11 views

CVE-2026-54430

creationtimestamp| type| source ---|---|--- 2026-07-02 13:15:02+00:00| seen| https://cert.pl/en/posts/2026/07/CVE-2026-54430 2026-07-02 23:17:00+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp62olsut2i 2026-07-03 03:29:23+00:00| seen|...

5.1CVSS5.7AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added last week7 views

EUVD-2026-41370

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-4772 Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-4772

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-4770 DOM-Based XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS0.00133EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-41369

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References1
CVE
CVE
added last week13 views

CVE-2026-4770

The CVE-2026-4770 entry concerns TR7 Cyber Defense Inc. Web Application Firewall (WAF). The affected component is the Web Application Firewall, with versions from 1.0.42.239 up to, but not including, 1.4.0.117. The vulnerability is a DOM-Based Cross-Site Scripting (XSS) issue arising from imprope...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References1
Circl
Circl
added last week6 views

CVE-2026-13876

creationtimestamp| type| source ---|---|--- 2026-07-02 07:22:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:17:35+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260706...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References2
Circl
Circl
added last week5 views

CVE-2026-45997

creationtimestamp| type| source ---|---|--- 2026-07-02 06:45:27+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260702 2026-07-06 06:16:13+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.5 views

Malicious code in @marketfront/infopopup (npm)

The @marketfront/infopopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
Circl
Circl
added 2026/07/01 2:51 a.m.6 views

CVE-2026-39868

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:08+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...

9.1CVSS7.1AI score0.00371EPSS
Exploits0References5
Circl
Circl
added 2026/07/01 2:43 a.m.5 views

CVE-2026-53236

creationtimestamp| type| source ---|---|--- 2026-07-01 02:43:43+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812 2026-07-06 06:51:22+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...

5.5CVSS5.9AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/29 1:24 p.m.5 views

WordPress Lighthouse theme <= 1.2.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lighthouse versions = 1.2.12...

8.1CVSS5.8AI score0.00282EPSS
Exploits0Affected Software1
Circl
Circl
added 2026/06/25 1:37 p.m.6 views

CVE-2018-20596

creationtimestamp| type| source ---|---|--- 2026-06-25 13:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp4kfcn3oa2j...

9.8CVSS7.3AI score0.01142EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/24 8:55 a.m.9 views

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

The U.S. Department of Justice DoJ on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 3:56 a.m.11 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence AI company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

7.5CVSS6.1AI score0.07237EPSS
Exploits0
EUVD
EUVD
added 2026/06/22 12:31 a.m.9 views

EUVD-2026-38198

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

5.1CVSS5.3AI score0.00195EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 11:16 p.m.10 views

CVE-2026-12812

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

5.1CVSS0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/21 10:15 p.m.22 views

CVE-2026-12812 Radware Cyber Controller HTML Report Generation HTML injection

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

5.1CVSS0.00195EPSS
Exploits0References4
Rows per page
Query Builder