Positive Technologies
added 2026/03/17 12:00 a.m., 10 views

PT-2026-25958

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below, on all platforms allow any user who has bypassed the firewall to potentially replace droplets, and therefore applications, allowing them to access secure application information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00199
Exploits 0 | References 3
Cloud Foundry
added 2026/03/17 12:00 a.m., 7 views

CVE-2026-22727 - Unprotected internal endpoints | Cloud Foundry

Severity: HIGH. CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (7.5). Vendor: CloudFoundry Foundation. Versions affected: Capi Release 1.226.0 and below; CF Deployment v54.9.0 and below. Description: An attacker with access to the Cloud Foundry internal network could potentially inject malicious code into ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00199
Exploits 0
Microsoft Secure
added 2026/03/16 4:00 p.m., 5 views

Help on the line: How a Microsoft Teams support call led to compromise

In our eighth Cyberattack Series report, Microsoft Incident Response (the Detection and Response Team, DART) investigates a recent identity-first, human-operated intrusion that relied less on exploiting software vulnerabilities and more on deception and legitimate tools. After a customer reached out...

AI score 6.2
Exploits 0
Cvelist
added 2026/03/16 1:27 p.m., 22 views

CVE-2025-10461 Global file reads caused by improper URL checks in webserver

Global file reads caused by improper URL checks in the webserver of Softing Industrial Automation GmbH smartLinks on Docker filesystem modules allow file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03...

CVSS 5.3 | EPSS 0.00369
Exploits 0 | References 2
CVE
added 2026/03/16 1:27 p.m., 19 views

CVE-2025-10461

CVE-2025-10461 affects Softing Industrial Automation GmbH smartLinks running in Docker (filesystem modules), where improper URL checks enable global file reads. Affected versions: smartLink SW-HT up to 1.42 and smartLink SW-PN up to 1.03. The root cause is insufficient URL validation allowing acc...

CVSS 5.3 | AI score 5.8 | EPSS 0.00369
Exploits 0 | References 2
Positive Technologies
added 2026/03/16 12:00 a.m., 5 views

PT-2026-25710

Global file reads caused by improper URL checks in the webserver of Softing Industrial Automation GmbH smartLinks on Docker filesystem modules allow file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03...

CVSS 5.3 | AI score 5.8 | EPSS 0.00369
Exploits 0 | References 3
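Worked example for the CVE-2025-10461 entries above (improper URL checks in an embedded web server letting a request read files outside the web root). This is an added illustration, not Softing's code: the web root, the request paths and the file placed outside the root are constructed for the demo, and naive_resolve reproduces the generic check-then-decode mistake rather than the vendor's actual code. It goes beyond the single case in the text by also handling double percent-encoding and symlinks that point out of the web root.

```python
"""Static-file path resolution: the flawed substring check beside a hardened resolver."""
import posixpath
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathRejected(Exception):
    """Raised when a request path would escape the web root."""


def naive_resolve(webroot: Path, url_path: str) -> Path:
    """Flawed pattern: substring check on the raw URL, percent-decoding afterwards.

    '%2e%2e' passes the check and becomes '..' once decoded, so the joined path
    walks out of the web root when the file is opened.
    """
    if ".." in url_path:
        raise PathRejected(url_path)
    decoded = unquote(url_path)
    return webroot / decoded.lstrip("/")


def safe_resolve(webroot: Path, url_path: str) -> Path:
    """Decode fully, reject traversal lexically, then confirm containment on the
    real path so a symlink inside the web root cannot point outside it."""
    decoded = url_path
    for _ in range(3):  # peel nested percent-encoding, but not forever
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise PathRejected("too many encoding layers")
    if "\x00" in decoded or "\\" in decoded:
        raise PathRejected("NUL or backslash in path")
    if any(part == ".." for part in decoded.split("/")):
        raise PathRejected("parent-directory component")
    normalised = posixpath.normpath("/" + decoded).lstrip("/")
    root = webroot.resolve()
    candidate = (root / normalised).resolve()  # follows symlinks
    if candidate != root and root not in candidate.parents:
        raise PathRejected("resolved outside web root")
    return candidate


def _serve(resolver, webroot: Path, url_path: str) -> str:
    """Outcome of one request through one resolver: served:<body>, rejected or missing."""
    try:
        return "served:" + resolver(webroot, url_path).read_text()
    except PathRejected:
        return "rejected"
    except (FileNotFoundError, IsADirectoryError, NotADirectoryError):
        return "missing"


# Constructed requests: plain, single-encoded traversal, mixed, double-encoded.
REQUESTS = [
    "/index.html",
    "/%2e%2e/secret.txt",
    "/..%2f..%2fsecret.txt",
    "/%252e%252e/secret.txt",
]


def run_demo() -> dict:
    """Build a throwaway web root with one file outside it (both constructed),
    push each request through both resolvers and return {request: (naive, safe)}."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        webroot = base / "www"
        webroot.mkdir()
        (webroot / "index.html").write_text("<h1>ok</h1>")
        (base / "secret.txt").write_text("outside the web root")
        return {
            req: (_serve(naive_resolve, webroot, req), _serve(safe_resolve, webroot, req))
            for req in REQUESTS
        }


if __name__ == "__main__":
    for req, (naive, safe) in run_demo().items():
        print(f"{req:26} naive={naive:34} safe={safe}")
```

The containment check runs on the resolved path, so it also catches a symlink inside the web root that targets a file outside it; the lexical ".." rejection stays in front of it because it gives a clearer error and costs nothing.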
Packet Storm News
added 2026/03/16 12:00 a.m., 3 views

Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents

Artificial intelligence (AI) systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices, in which AI models are tested in restricted, fully observable settings. I...

AI score 5.8
Exploits 0
OSV
added 2026/03/13 3:47 p.m., 3 views

GHSA-8JHH-JCQG-MJ5P OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary: In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

CVSS 6.5 | AI score 5.9
Exploits 0 | References 3
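Added example for the GHSA-8JHH-JCQG-MJ5P entry above; it is not openclaw's code. The policy layout, the account names (acct-a, acct-b, acct-ops), the config keys and the ChannelCommand shape are constructed. It shows the sender-only check the advisory describes beside a check that re-verifies the target account's scope on every mutation, and replays the same commands through both so the sibling-account write is visible in the resulting config.

```python
"""Account-scoped config writes: sender-only check versus target-scope re-check."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ConfigWritePolicy:
    """Per-account policy (constructed): keys the account may write, and other
    accounts it is explicitly allowed to administer."""
    keys: frozenset
    may_administer: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class ChannelCommand:
    sender_account: str   # account the channel command arrived on
    target_account: str   # account whose config the command names
    key: str
    value: str


POLICIES = {
    "acct-a": ConfigWritePolicy(frozenset({"channels.prefix", "channels.greeting"})),
    "acct-b": ConfigWritePolicy(frozenset({"channels.prefix"})),
    "acct-ops": ConfigWritePolicy(frozenset({"channels.prefix"}), frozenset({"acct-a", "acct-b"})),
}


def authorize_sender_only(cmd: ChannelCommand, policies: dict) -> bool:
    """Flawed check: consults only the originating account's configWrites policy.
    The target account never enters the decision, so a sender allowed to write a
    key on its own account can write that key on a sibling account."""
    policy = policies.get(cmd.sender_account)
    return policy is not None and cmd.key in policy.keys


def authorize_with_target_scope(cmd: ChannelCommand, policies: dict) -> bool:
    """Fixed check: the sender must be allowed to write the key AND the target must
    be the sender's own account or one the sender explicitly administers."""
    policy = policies.get(cmd.sender_account)
    if policy is None or cmd.key not in policy.keys:
        return False
    if cmd.target_account == cmd.sender_account:
        return True
    return cmd.target_account in policy.may_administer


def apply_command(cmd: ChannelCommand, config: dict, authorize) -> bool:
    """Mutate config[target][key] only if the authorizer agrees; report the decision."""
    if not authorize(cmd, POLICIES):
        return False
    config.setdefault(cmd.target_account, {})[cmd.key] = cmd.value
    return True


def run_demo() -> dict:
    """Replay the same commands under each authorizer; return {name: (decisions, config)}."""
    commands = [
        ChannelCommand("acct-a", "acct-a", "channels.prefix", "!"),      # own account
        ChannelCommand("acct-ops", "acct-b", "channels.prefix", "ops"),  # explicit grant
        ChannelCommand("acct-a", "acct-b", "channels.prefix", "pwn"),    # sibling account
    ]
    out = {}
    for name, authorize in (("sender_only", authorize_sender_only),
                            ("target_scope", authorize_with_target_scope)):
        config = {"acct-a": {"channels.prefix": "$"}, "acct-b": {"channels.prefix": "$"}}
        decisions = [apply_command(c, config, authorize) for c in commands]
        out[name] = (decisions, config)
    return out


if __name__ == "__main__":
    for name, (decisions, config) in run_demo().items():
        print(name, decisions, config)
```

Under the sender-only check the third command succeeds and acct-b's prefix ends up as "pwn"; with the target-scope re-check it is refused and acct-b keeps the value written under the explicit acct-ops grant.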
GithubExploit
added 2026/03/13 10:19 a.m., 122 views

Exploit for CVE-2026-1311

CVE-2026-1311: Sample PHP Payload Files...

CVSS 8.8 | AI score 5.9 | EPSS 0.00734
Exploits 1
NCSC
added 2026/03/12 2:42 p.m., 8 views

Vulnerabilities fixed in GitLab

GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6. The fixes address several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and flaws enabling denial-of-service conditions...

CVSS 8.7 | AI score 5.8 | EPSS 0.00523
Exploits 0 | References 1
EUVD
added 2026/03/12 2:23 p.m., 10 views

EUVD-2026-11383

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle...

CVSS 5.3 | AI score 5.8 | EPSS 0.00278
Exploits 0 | References 2
Veeam
added 2026/03/12 12:00 a.m., 39 views

Vulnerabilities Resolved in Veeam Backup & Replication 13.0.1.2067

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 13.0.1.2067. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...

CVSS 9.9 | AI score 7.7 | EPSS 0.01329
Exploits 0 | Affected software 1
Microsoft Secure
added 2026/03/11 9:00 p.m., 12 views

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...

AI score 6.4
Exploits 0
Vulnrichment
added 2026/03/11 7:25 p.m., 4 views

CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

CVSS 10 | AI score 5.9 | EPSS 0.00501
Exploits 0 | References 1
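Added example for the CVE-2026-31957 entry above; it is not Himmelblau's code. It models only the tenant-scoping step of a first login: the unscoped behaviour the advisory describes (no tenant configured, so the tenant check is skipped) beside a fail-closed variant that refuses to authenticate until a tenant is configured. Assumptions: the configuration is read as a `domains` value under `[global]`, the tenant id for each domain is looked up from a constructed table (in practice it would come from the tenant's OpenID discovery document), and the token claims shown are constructed and assumed to have already passed signature validation.

```python
"""Tenant scoping at first login: skip-when-unconfigured versus fail-closed."""
import configparser


class TenantRejected(Exception):
    """Raised when a login cannot be tied to a configured tenant."""


# Assumption: domain -> tenant id, normally obtained from OpenID discovery. Constructed values.
TENANT_IDS = {
    "example.com": "11111111-1111-1111-1111-111111111111",
    "contoso.example": "22222222-2222-2222-2222-222222222222",
}

SAMPLE_CONF_SCOPED = "[global]\ndomains = example.com\n"   # constructed
SAMPLE_CONF_UNSET = "[global]\n"                           # operator never set a domain


def issuer_for(tid: str) -> str:
    return f"https://login.microsoftonline.com/{tid}/v2.0"


# Constructed claim sets; signature validation is assumed to have happened already.
OWN_TENANT_TOKEN = {
    "tid": TENANT_IDS["example.com"],
    "iss": issuer_for(TENANT_IDS["example.com"]),
    "preferred_username": "alice@example.com",
}
FOREIGN_TENANT_TOKEN = {
    "tid": "99999999-9999-9999-9999-999999999999",
    "iss": issuer_for("99999999-9999-9999-9999-999999999999"),
    "preferred_username": "mallory@attacker.example",
}


def configured_tenants(conf_text: str) -> frozenset:
    """Parse the config and return the set of tenant ids the host is scoped to."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    raw = cp.get("global", "domains", fallback="")
    domains = [d.strip().lower() for d in raw.split(",") if d.strip()]
    return frozenset(TENANT_IDS[d] for d in domains if d in TENANT_IDS)


def accept_unscoped(claims: dict, allowed: frozenset) -> bool:
    """The behaviour the advisory describes: with nothing configured the tenant
    check is skipped entirely, so a token from any tenant is accepted."""
    if not allowed:
        return True
    return claims.get("tid") in allowed


def accept_fail_closed(claims: dict, allowed: frozenset) -> bool:
    """Refuse when no tenant is configured, then require both the tid claim and
    the issuer to match a configured tenant."""
    if not allowed:
        raise TenantRejected("no tenant domain configured; refusing login")
    tid = claims.get("tid")
    if tid not in allowed:
        raise TenantRejected(f"tenant {tid} is not a configured tenant")
    if claims.get("iss") != issuer_for(tid):
        raise TenantRejected("issuer does not match the tid claim")
    return True


def outcome(check, claims: dict, allowed: frozenset) -> str:
    try:
        return "accepted" if check(claims, allowed) else "rejected"
    except TenantRejected:
        return "rejected"


def run_demo() -> dict:
    """Return {(config, token, check): outcome} for every combination."""
    out = {}
    for conf_name, conf in (("scoped", SAMPLE_CONF_SCOPED), ("unset", SAMPLE_CONF_UNSET)):
        allowed = configured_tenants(conf)
        for tok_name, claims in (("own", OWN_TENANT_TOKEN), ("foreign", FOREIGN_TENANT_TOKEN)):
            out[(conf_name, tok_name, "unscoped")] = outcome(accept_unscoped, claims, allowed)
            out[(conf_name, tok_name, "fail_closed")] = outcome(accept_fail_closed, claims, allowed)
    return out


if __name__ == "__main__":
    for key, verdict in run_demo().items():
        print(key, verdict)
```

Failing closed means a host with no configured domain refuses every login, which surfaces the misconfiguration to the operator instead of silently accepting users from every Entra tenant.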
NVD
added 2026/03/11 5:16 p.m., 4 views

CVE-2025-12555

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

CVSS 4.3 | EPSS 0.00243
Exploits 0 | References 3
Debian CVE
added 2026/03/11 4:07 p.m., 6 views

CVE-2025-12555

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00243
Exploits 0
Github Security Blog
added 2026/03/11 12:24 a.m., 14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables...

CVSS 8.8 | AI score 5.8 | EPSS 0.023
Exploits 1 | References 3 | Affected software 2
Positive Technologies
added 2026/03/11 12:00 a.m., 8 views

PT-2026-24721

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

CVSS 4.3 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 6
Github Security Blog
added 2026/03/10 6:48 p.m., 6 views

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

Summary: An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

CVSS 8.2 | AI score 6.1 | EPSS 0.13589
Exploits 1 | References 3 | Affected software 1
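Added example covering both the Flowise HTTP Node entry and the mcp-atlassian header entry above; it is code from neither project. check_outbound_url handles the Flowise case: a user-supplied URL is accepted only if every address it resolves to is public, and the resolved address is returned so the caller can pin it against DNS rebinding. accept_base_url_override handles the header case: a per-request base URL is honoured only for an authenticated caller and only if it names an origin the operator configured. The blocked ranges, the constructed hostnames, the fake DNS table (so the demo runs offline) and the configured base-URL list are assumptions.

```python
"""Outbound-URL validation: deny non-public targets, pin the answer, gate header overrides."""
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeTarget(Exception):
    """Raised when a server-side request would reach something it should not."""


# Ranges a server-side fetch should never touch (assumption: extend per deployment).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked(ip: str) -> bool:
    """True if ip is in a blocked range; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETS)


def system_resolver(host: str) -> list:
    """Real DNS lookup; run_demo() uses the fake table instead to stay offline."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_outbound_url(url: str, resolver=system_resolver) -> tuple:
    """Validate a user-supplied URL and return (host, pinned_ip).

    The caller should connect to pinned_ip and send host in the Host header / SNI,
    so a second DNS answer (rebinding) cannot redirect the request after the check.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeTarget(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise UnsafeTarget("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise UnsafeTarget("URL has no host")
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal address: no lookup
    except ValueError:
        ips = resolver(host)
    if not ips:
        raise UnsafeTarget(f"{host} does not resolve")
    for ip in ips:  # every answer must be public, not just the first
        if is_blocked(ip):
            raise UnsafeTarget(f"{host} resolves to non-public {ip}")
    return host, ips[0]


def accept_base_url_override(header_value: str, configured: list, authenticated: bool) -> str:
    """Honour a header-supplied base URL only for an authenticated caller and only
    if it names a configured https origin (scheme, host, port)."""
    if not authenticated:
        raise UnsafeTarget("base-URL override requires an authenticated request")
    want = urlsplit(header_value)
    allowed = {(urlsplit(u).scheme, urlsplit(u).hostname, urlsplit(u).port) for u in configured}
    if want.scheme != "https" or (want.scheme, want.hostname, want.port) not in allowed:
        raise UnsafeTarget(f"{header_value!r} is not a configured origin")
    return header_value


FAKE_DNS = {  # constructed answers so the demo needs no network
    "api.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private answer
    "v6map.example": ["::ffff:10.1.1.1"],
}
CONFIGURED_BASES = ["https://jira.example.com", "https://wiki.example.com/"]  # constructed


def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])


def run_demo() -> dict:
    """Map each constructed URL to 'ok:<pinned ip>' or 'blocked'."""
    urls = ("https://api.example.com/v1", "http://localhost:8080/admin",
            "http://169.254.169.254/latest/meta-data/", "http://metadata.internal/",
            "http://rebind.example/", "http://[::ffff:10.1.1.1]/", "http://v6map.example/",
            "file:///etc/passwd", "http://user:pw@api.example.com/")
    out = {}
    for url in urls:
        try:
            out[url] = "ok:" + check_outbound_url(url, fake_resolver)[1]
        except UnsafeTarget:
            out[url] = "blocked"
    return out


def override_outcomes() -> dict:
    """Map (header value, authenticated) to 'accepted' or 'rejected'."""
    cases = [("https://jira.example.com/rest/api/2", True),
             ("https://attacker.example/collect", True),
             ("https://jira.example.com/rest/api/2", False)]
    out = {}
    for header_value, authenticated in cases:
        try:
            accept_base_url_override(header_value, CONFIGURED_BASES, authenticated)
            out[(header_value, authenticated)] = "accepted"
        except UnsafeTarget:
            out[(header_value, authenticated)] = "rejected"
    return out


if __name__ == "__main__":
    print(run_demo())
    print(override_outcomes())
```

Connecting to the pinned address while sending the original hostname in Host and SNI needs client support (a custom connection pool or adapter); where that is not available, at least resolve once and reuse the answer for the whole request, and either disable automatic redirects or re-run the check on every redirect target, since a public host can 302 to a metadata address.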