Lucene search
K

9294 matches found

Nuclei
Nuclei
added 9 hours ago18 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

10CVSS7AI score0.62871EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-59857

An out-of-bounds write vulnerability in Vim's spellsoundfoldsal function allows an attacker to corrupt memory and crash the editor Denial of Service by supplying a specially crafted word during spell sound-folding. Mitigation This vulnerability can be mitigated by preventing Vim from automaticall...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References5
Oracle linux
Oracle linux
added yesterday5 views

kernel security, bug fix, and enhancement update

4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS7AI score0.0031EPSS
Exploits0
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43074

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

6.1AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-15079

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

0.00213EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS6.1AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 5 days ago8 views

CVE-2026-53961

CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...

6.5CVSS6AI score0.00221EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-56374

A heap buffer overflow vulnerability exists in ImageMagick and Magick.NET's FTXT encoder due to missing boundary checks for the ftxt:format parameter. A remote attacker could exploit this using a specially crafted FTXT image to cause a denial of service or disclose sensitive information. Mitigati...

7.1CVSS6.1AI score0.00157EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-35188

A flaw was found in OpenSSL. A malicious server can exploit the TLS Online Certificate Status Protocol OCSP stapling feature by sending a specially crafted response. This can trigger a double-free vulnerability in the client's certificate verification process, potentially leading to a Denial of...

5.9CVSS7.2AI score0.00245EPSS
Exploits0References3
The Hacker News
The Hacker News
added 5 days ago20 views

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first...

6AI score
Exploits0
AstraLinux
AstraLinux
added 5 days ago8 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: espintcp: A race condition in espintcpclose has been fixed. This issue was discovered during a code audit. After espintcpclose is called, espintcptxwork can still be scheduled using functions like the Delayed ACK handler or...

7.8CVSS6AI score0.00101EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-59711

A flaw was found in showdown. This cross-site scripting XSS vulnerability occurs in the metadata title handling when the completeHTMLDocument option is enabled. An attacker can exploit this by injecting unescaped less-than and greater-than characters into markdown frontmatter metadata. This allow...

6.1CVSS6.5AI score0.00187EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS0.0014EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

UBUNTU-CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS6.1AI score0.0014EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-49229

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS0.00441EPSS
Exploits0References3
CVE
CVE
added last week25 views

CVE-2026-49229

Affected software: Actual, a local-first personal finance app. Vulnerability summary: In OpenID multi-user mode prior to 26.6.0, disabling a user blocks future OpenID logins but does not revoke existing session tokens. The shared session validation path accepts any non-expired token, allowing a d...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
NVD
NVD
added last week10 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
Rows per page
Query Builder