Lucene search
K

1543 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43050

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

6.1AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56950

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS0.00282EPSS
Exploits0References3
CVE
CVE
added 6 days ago33 views

CVE-2026-6896

CVE-2026-6896 affects GitLab Enterprise Edition (GitLab EE). The issue is an improper sanitization of user-supplied input that could allow an authenticated user with developer -role permissions to run arbitrary scripts in another user’s browser session (a cross-site scripting scenario). Affected ...

8.7CVSS6.2AI score0.00282EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42407

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS6.2AI score0.00282EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:3 a.m.5 views

EUVD-2026-39181

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/22 12:45 p.m.35 views

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.15 views

Security Bulletin: XcodeGhost iOS malware

Question Security Bulletin: XcodeGhost iOS malware "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/11 12:16 p.m.16 views

CVE-2026-10087

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS0.00249EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 10:19 a.m.10 views

CVE-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS6AI score0.00249EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:53 a.m.14 views

Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/11 2:53 a.m.11 views

MAL-2026-5557 Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.22 views

PT-2026-48650

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description Incorrect authorization enforcements allow an authenticated user with developer-role permissions to...

5.4CVSS5.2AI score0.00187EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

GitLab 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 17.1 to 18.10.8, 18.11 to 18.11.5, and 19.0 to 19.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input in the analysis...

8.7CVSS6.1AI score0.00249EPSS
Exploits0References3
Drupal
Drupal
added 2026/06/10 12:0 a.m.14 views

Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the fileexample submodule can be used to expose any file that PHP can access. Therefore, the fileexample...

5.5AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48592

Name of the Vulnerable Software and Affected Versions Examples for Developers versions 0.0.0 through 4.0.6 Description A missing authorization issue allows forceful browsing. Specifically, the "Read from a file" feature within the file example submodule can be used to expose any file that PHP can...

6.1AI score0.00142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS5.5AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder