Lucene search
K

649132 matches found

Github Security Blog
Github Security Blog
added 1 hour ago3 views

Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

Summary CssParser::Parserreadremotefile and therefore loaduri!, and the @import-following branch of addblock! issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or RFC‑1918...

Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 3 hours ago11 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.00121EPSS
Exploits0References5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago5 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System

Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...

8.3CVSS7.5AI score0.01744EPSS
Exploits1Affected Software1
Malwarebytes
Malwarebytes
added 5 hours ago3 views

Turn off this Meta setting before someone generates AI images of you

Every consumer app has a settings menu that lets you make decisions about things like notifications or dark mode. Meta has just decided that anyone can generate AI images of you from your public Instagram account by typing your Instagram handle into a prompt. On July 7, Meta launched its AI image...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 6 hours ago2 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.003EPSS
Exploits0References4
GithubExploit
GithubExploit
added 6 hours ago12 views

exploitarium

https://discord.gg/WytKH65ZR join up for research, help, documen...

9.2CVSS7.3AI score0.00732EPSS
Exploits11
NVD
NVD
added 6 hours ago4 views

CVE-2026-15000

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 7 hours ago3 views

Security Bulletin: IBM Operational Decision Manager for May 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take contr...

8.7CVSS7.7AI score0.01125EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 7 hours ago3 views

Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images

Meta has announced that its new artificial intelligence AI model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your...

5.9AI score
Exploits0
CVE
CVE
added 8 hours ago8 views

CVE-2026-15000

The CVE-2026-15000 entry concerns the Connect Contact Form 7 and Mailchimp plugin for WordPress, showing a Stored Cross-Site Scripting vulnerability via Mailchimp Merge Field Values in all versions up to 0.9.78.06. The issue arises from insufficient input sanitization and output escaping, enablin...

7.2CVSS6.2AI score
Exploits0References10
Cvelist
Cvelist
added 8 hours ago5 views

CVE-2026-15000 Connect Contact Form 7 and Mailchimp <= 0.9.78.06 - Unauthenticated Stored Cross-Site Scripting via Mailchimp Merge Field Values

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 8 hours ago2 views

CVE-2026-15000

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.2AI score
Exploits0References11
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42523

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.2AI score
Exploits0References10
Rockylinux
Rockylinux
added 9 hours ago3 views

gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-good. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs of...

7.6CVSS6.2AI score0.003EPSS
Exploits0
Rockylinux
Rockylinux
added 9 hours ago3 views

libsolv security update

An update is available for libsolv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libsolv packages provide a library for resolving package dependencies usi...

7.8CVSS6.2AI score0.00205EPSS
Exploits1
RedHat Linux
RedHat Linux
added 9 hours ago4 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 9 hours ago4 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00346EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 9 hours ago3 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS6.1AI score0.00513EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 9 hours ago4 views

golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...

9.1CVSS6AI score0.00469EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 9 hours ago5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References8
Rows per page
Query Builder