
304344 matches found

RedhatCVE
added 5 days ago, 5 views

CVE-2026-41696

A flaw was found in Spring Data MongoDB. Repository query methods that use regular expression regex parameter binding perform insufficient validation of the bound parameter. A remote attacker can exploit this by supplying a crafted string, which could lead to breaking out of the intended regular...

CVSS 5.9, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 4
The Hacker News
added 5 days ago, 15 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

AI score 6.3
Exploits: 0
OSV
added 5 days ago, 6 views

MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)

Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda. The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

AI score 5.8
Exploits: 0, References: 2
OSV
added 5 days ago, 4 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e. Package [email protected] is an empty module (index.js exports an empty object) whose package.json preinstall hook runs node...

AI score 5.8
Exploits: 0, References: 2
IBM Security Bulletins
added 5 days ago, 10 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.320. Vulnerability Details: CVEID: CVE-2026-42009. DESCRIPTION: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Securit...

CVSS 9.8, AI score 7.4, EPSS 0.01335
Exploits: 2, Affected Software: 1
RedHat Linux
added 5 days ago, 10 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

CVSS 5.5, AI score 6, EPSS 0.00161
Exploits: 0, References: 6
EUVD
added 5 days ago, 8 views

EUVD-2026-40020

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

CVSS 4.8, AI score 5.3, EPSS 0.00112
Exploits: 0, References: 8
Cvelist
added 5 days ago, 35 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

CVSS 4.8, EPSS 0.00112
Exploits: 0, References: 8
CVE
added 5 days ago, 14 views

CVE-2026-13523

GPAC (up to 26.02.0) is affected in the ISOBMFF Parser component, specifically the file src/utils/base_encoding.c. A manipulation can lead to data amplification, with local access required. The issue has a publicly available exploit and a remediation patch has been released. Vendor-provided fix a...

CVSS 4.8, AI score 5.3, EPSS 0.00112
Exploits: 0, References: 8
EUVD
added 5 days ago, 8 views

EUVD-2026-40010

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

CVSS 5, AI score 5.4, EPSS 0.00133
Exploits: 0, References: 8
EUVD
added 5 days ago, 8 views

EUVD-2026-40004

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

CVSS 5, AI score 5.5, EPSS 0.00138
Exploits: 0, References: 8
NVD
added 5 days ago, 8 views

CVE-2026-13513

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

CVSS 5, EPSS 0.00133
Exploits: 0, References: 7
Positive Technologies
added 5 days ago, 6 views

PT-2026-53284

Name of the Vulnerable Software and Affected Versions: phpUploader versions prior to 2.0.2. Description: An unauthenticated information disclosure exists where remote attackers can access the full contents of the uploaded-files database table by visiting any page of the application. The index model...

CVSS 8.7, AI score 5.8, EPSS 0.00365
Exploits: 0, References: 6
Positive Technologies
added 5 days ago, 5 views

PT-2026-53269

Name of the Vulnerable Software and Affected Versions: FrontAccounting versions prior to 2.4.20. Description: An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...

CVSS 7.1, AI score 6, EPSS 0.00148
Exploits: 0, References: 6
Positive Technologies
added 5 days ago, 10 views

PT-2026-53711

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 26.5.2; iOS versions prior to 26.5.2; iPadOS versions prior to 26.5.2; macOS Tahoe versions prior to 26.5.2. Description: A permissions issue exists where visiting a website may leak sensitive data. This was addressed by...

CVSS 6.5, AI score 5.9, EPSS 0.00312
Exploits: 0, References: 7
Positive Technologies
added 5 days ago, 8 views

PT-2026-53659

Name of the Vulnerable Software and Affected Versions: Gorse versions prior to 0.5.10. Description: An authentication bypass exists in the HTTP API when the admin api key is left empty, which is the default configuration. This occurs because improper input validation treats an empty key as a disabli...

CVSS 9.8, AI score 5.8, EPSS 0.03016
Exploits: 2, References: 9
Redos
added 5 days ago, 4 views

ROS-20260629-73-0005

The vulnerability in ImageMagick is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 9.2, AI score 6, EPSS 0.00895
Exploits: 0
Positive Technologies
added 5 days ago, 8 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions: AWS Application Load Balancer (affected versions not specified). Description: Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

CVSS 9.8, AI score 5.8, EPSS 0.00473
Exploits: 0, References: 10
Circl
added 6 days ago, 8 views

CVE-2026-13512

creationtimestamp | type | source
---|---|---
2026-06-28 23:34:59+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpf575sg2g25
2026-06-29 01:58:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpff7uizmg27...

CVSS 6.5, AI score 6.6, EPSS 0.0022
Exploits: 0, References: 2
CVE
added 6 days ago, 12 views

CVE-2026-13513

Summary: CVE-2026-13513 affects MyScale MyScaleDB up to 1.8.0, impacting SegmentId::getCacheKey in src/VectorIndex/Common/SegmentId.h. The issue is described as insufficient verification of data authenticity and can be exploited remotely with high attack complexity; exploit maturity is labeled as...

CVSS 5, AI score 5.4, EPSS 0.00133
Exploits: 0, References: 7