Lucene search
K

6471 matches found

CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix 1.7.0 and later contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS certificate verification, which may allow man-in-the-middle attackers to intercept and modi...

8CVSS5.4AI score0.00168EPSS
Exploits1References2
HackRead
HackRead
added 2026/06/04 10:53 a.m.20 views

Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff

Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...

8.8CVSS5.2AI score0.00257EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/02 6:21 p.m.25 views

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR,...

8.8CVSS6.5AI score0.80906EPSS
Exploits35
Malwarebytes
Malwarebytes
added 2026/06/02 9:3 a.m.26 views

Fake virus alerts are invading mobile games

Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: " Your device is infected!" " Your iCloud is full!" " Your account is restricted for watching porn!" Some games can be played for free if you agree to watch ads, and in others y...

5.7AI score
Exploits0
HackRead
HackRead
added 2026/06/01 10:46 a.m.19 views

Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives

Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 5:6 p.m.23 views

Malicious code in discord-ban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/05/30 10:30 a.m.36 views

Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/29 4:41 p.m.37 views

CVE-2026-6824 CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS0.00373EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

CP Plus CP Series 跨站脚本漏洞

The CP Plus CP Series is a series of video surveillance and security device products developed by CP Plus Company. The CP Plus CP Series contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input cleaning in certain functional modules, allowing attackers to...

8.4CVSS5.7AI score0.00373EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.21 views

Malicious code in @cloudplatform-single-spa/paas-redis (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/27 11:48 a.m.27 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
NVD
NVD
added 2026/05/27 4:16 a.m.27 views

CVE-2026-48999

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS0.00169EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/27 4:13 a.m.5 views

SUSE CVE-2023-46575

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter...

9.8CVSS7.7AI score0.01276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 2:25 a.m.9 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS5.9AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:25 a.m.18 views

EUVD-2026-32041

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS5.9AI score0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43489

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 4:56 p.m.13 views

EUVD-2026-31895

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43301

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 1.18.1 Description An issue exists in the file serving endpoints '/files/' and '/file/:fileFolder/:id' where uploaded files are served using fileStream.piperes without specifying Content-Type, Content-Disposition, or...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:46 p.m.12 views

Malicious code in peertube-plugin-google-analytics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...

5.8AI score
Exploits0References1
Rows per page
Query Builder