Lucene search
+L

3677 matches found

OSV
OSV
added 2026/06/15 11:36 a.m.12 views

MAL-2026-5831 Malicious code in unicocheck-ios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:36 a.m.24 views

Malicious code in unicocheck-ios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.28 views

Linux Distros Unpatched Vulnerability : CVE-2026-52719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the...

7.1CVSS6AI score0.00301EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES15 Security Update : glibc (SUSE-SU-2026:2333-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2333-1 advisory. This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely...

9.8CVSS5.5AI score0.00502EPSS
Exploits3References10
CVE
CVE
added 2026/06/12 9:3 p.m.33 views

CVE-2026-49397

CVE-2026-49397 affects Nezha Monitoring (2.x). Private services (EnableShowInService: false) are leaked via per-server endpoints and service history endpoints due to inconsistent filtering: CopyStats() hides private services in the public listing, but Get/GetSortedList() and endpoints like GET /a...

5.3CVSS5.2AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:25 p.m.20 views

CVE-2026-45085

CVE-2026-45085 affects Discourse with the chat plugin (calendar-capable variant also involved). The issues span four authorization/disclosure problems observed in versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1. They include:...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.11 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:17 p.m.3 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS6AI score0.00308EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 8:48 p.m.9 views

CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:48 p.m.38 views

CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00227EPSS
Exploits0References2
HackRead
HackRead
added 2026/06/11 8:5 p.m.18 views

ShinyHunters Leak 40GB of University of Nottingham Student Data

ShinyHunters hackers leak 40GB of University of Nottingham personal and financial data, allegedly impacting 450,000 students and staff records...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/06/11 6:47 p.m.9 views

EUVD-2025-210110

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.3CVSS5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.9 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.4AI score0.0023EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/11 12:21 p.m.9 views

WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability

Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...

7.5CVSS5.4AI score0.00404EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.10 views

keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/06/10 8:42 a.m.6 views

Security update for glibc

This update for glibc fixes the following issues CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. CVE-2026-5928: libio: ungetwc could...

8.7CVSS5.5AI score0.00502EPSS
Exploits3References12
OSV
OSV
added 2026/06/10 8:42 a.m.4 views

SUSE-SU-2026:2333-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. - CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. - CVE-2026-5928: libio: ungetwc...

9.8CVSS5.5AI score0.00502EPSS
Exploits3References7
OSV
OSV
added 2026/06/09 8:25 p.m.13 views

MAL-2026-5472 Malicious code in getd-web-corporativa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.14 views

Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

5.4AI score
Exploits0References1
Rows per page
Query Builder