Lucene search
K

7470 matches found

Nuclei
Nuclei
added 8 hours ago87 views

WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting

WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter. id: CVE-2019-20141 info: name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting author: knassar702 severity: medium description: WordPress Laborator Neon them...

6.1CVSS6.4AI score0.05008EPSS
Exploits1References5
The Hacker News
The Hacker News
added 4 days ago20 views

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

GitLab 13.11 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-6896)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticat...

8.7CVSS6.4AI score0.00282EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-6896 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS0.00282EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.

Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7AI score0.01186EPSS
Exploits11References39
Positive Technologies
Positive Technologies
added 5 days ago17 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56615

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.11 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user with...

8.7CVSS6AI score0.00282EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/06 8:59 a.m.5 views

CVE-2026-14620

A flaw was found in webpack-dev-server. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, through cross-origin requests. By visiting a malicious website while the development server is...

4.7CVSS6AI score0.00116EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.62 views

CVE-2026-13929

CVE-2026-13929 : In Google Chrome for Android, DevTools policy enforcement is insufficient, allowing a local attacker to bypass navigation restrictions via a malicious file. Affected component: DevTools navigation/policy enforcement; root cause: insufficient policy enforcement in DevTools prior t...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 3:0 p.m.10 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.6 release.

Red Hat Developer Hub 1.9.6 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS6.7AI score0.01041EPSS
Exploits16References69
OSV
OSV
added 2026/06/30 12:0 a.m.7 views

MAL-2026-6691 Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.7 views

Malicious code in ts-bn-proto (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. ts-bn-proto embeds an infostealer payload directly in index.js with a base64-encoded C2 address data-stream.space, executed at install time via a postinstall hook. The payload harvests cryptocurrency wallet...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54237

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54392

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/29 6:2 a.m.6 views

BIT-GITLAB-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS5.8AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:0 a.m.4 views

BIT-GITLAB-2026-11379 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS5.6AI score0.00188EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 6:0 a.m.4 views

BIT-GITLAB-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder