6794 matches found

Nuclei
added yesterday, 77 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

CVSS 8.8 | AI score 7.6 | EPSS 0.7654
Exploits: 18 | References: 4
Circl
added 3 days ago, 4 views

CVE-2026-39868

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 02:51:08+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 |
| 2026-07-01 16:00:58+00:00 | seen | https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review |
| 2026-07-02 01:00:42+00:00 | seen | ... |

CVSS 9.1 | AI score 7.1 | EPSS 0.00371
Exploits: 0 | References: 4
CVE
added 2026/06/24 9:36 p.m., 22 views

CVE-2026-9776

ATEN Unizon contains a directory traversal flaw in writeFileToHttpServletResponse that allows remote disclosure of sensitive information without authentication. The issue stems from improper validation of a user-supplied path used in file operations, enabling an attacker to access data in the SYS...

CVSS 7.5 | AI score 7 | EPSS 0.0158
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-52125

Name of the Vulnerable Software and Affected Versions: ATEN Unizon (affected versions not specified). Description: An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...

CVSS 7.2 | AI score 7.5 | EPSS 0.01477
Exploits: 0 | References: 6
IBM Security Bulletins
added 2026/06/18 5:57 p.m., 66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question: Security Bulletin: MySQL 0-day exploit CVE-2016-6662. Business Unit: IBM Software w/o TPS (BU059); Product: IBM Aspera (SS8NDZ); Platform: Platform Independent (PF025); Version: All Versions; Line of...

CVSS 10 | AI score 8.4 | EPSS 0.6773
Exploits: 16 | Affected Software: 1
The Hacker News
added 2026/06/17 12:36 p.m., 17 views

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. "Microsoft is...

CVSS 7.8 | AI score 5.6 | EPSS 0.03391
Exploits: 0
The Hacker News
added 2026/06/17 7:38 a.m., 26 views

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace ("@mastra/"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from...

AI score 6
Exploits: 0
NCSC
added 2026/06/16 1:13 p.m., 16 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

CVSS 9.3 | AI score 6 | EPSS 0.70099
Exploits: 5 | References: 3
The Hacker News
added 2026/06/15 1:49 p.m., 21 views

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

CVSS 8.8 | AI score 7.4 | EPSS 0.01654
Exploits: 4
Positive Technologies
added 2026/06/15 12:0 a.m., 17 views

PT-2026-49259

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: A directory or path traversal issue exists in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The flaw stems from improper validation of user-suppli...

CVSS 6.8 | AI score 6.3 | EPSS 0.07683
Exploits: 2 | References: 81
Wired Threat Level
added 2026/06/13 10:30 a.m., 21 views

The FCC Wants to Kill Burner Phones

Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more...

AI score 5.3
Exploits: 0
HackRead
added 2026/06/12 2:6 p.m., 9 views

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack

Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims...

AI score 5.3
Exploits: 0
Rapid7 Blog
added 2026/06/12 1:43 p.m., 11 views

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Overview: On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...

CVSS 9.8 | AI score 6.9 | EPSS 0.9233
Exploits: 3
OSV
added 2026/06/12 12:25 p.m., 8 views

OESA-2026-2638 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical. Using CWE to declare the problem leads to CWE-404. The product does not release or...

CVSS 7.5 | AI score 5.2 | EPSS 0.11471
Exploits: 7 | References: 2
Tenable Nessus
added 2026/06/12 12:0 a.m., 14 views

Fedora 43 : xorg-x11-server-Xwayland (2026-557e726e74)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-557e726e74 advisory. Update to xwayland 24.1.12, Security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165,...

AI score 5.5
Exploits: 0 | References: 1
The Hacker News
added 2026/06/11 8:29 p.m., 19 views

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity...

CVSS 9.8 | AI score 6.6 | EPSS 0.9233
Exploits: 3
Packet Storm News
added 2026/06/11 12:0 a.m., 15 views

DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities

One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept (PoC) inputs is therefore essential for assessing real-world impact. The key challenge is identifying necessary constraints for triggering the vulnerability and solving them...

AI score 5.4
Exploits: 0
Opera Security Advisories
added 2026/06/11 12:0 a.m., 19 views

Update your browser: Security fix for Chrome zero-day CVE-2026-11645

June 11th, 2026. Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit (CVE-2026-11645). We recommend updating your browsers to the latest...

CVSS 8.8 | AI score 7.3 | EPSS 0.01654
Exploits: 4 | References: 1
The Hacker News
added 2026/06/10 9:38 a.m., 22 views

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

CVSS 9.8 | AI score 7.3 | EPSS 0.48438
Exploits: 5
The Hacker News
added 2026/06/10 5:22 a.m., 114 views

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit...

CVSS 7.8 | AI score 6.4 | EPSS 0.08371
Exploits: 2