7340 matches found

The Hacker News (added 10 hours ago, 5 views)

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...

AI score 6 | Exploits 0
RedHat Linux (added yesterday, 4 views)

next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00683
Exploits 0 | References 7
NVD (added 2 days ago, 4 views)

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

CVSS 7.5 | EPSS 0.00389
Exploits 0 | References 1
CVE (added 2 days ago, 8 views)

CVE-2026-20244

CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00389
Exploits 0 | References 1
Cvelist (added 2 days ago, 40 views)

CVE-2026-20244 ClamAV DMG File Processing Denial of Service Vulnerability

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

CVSS 7.5 | EPSS 0.00389
Exploits 0 | References 1
ATTACKERKB (added 2 days ago, 4 views)

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

CVSS 7.5 | AI score 5.9 | EPSS 0.00389
Exploits 0 | References 2 | Affected Software 1
Positive Technologies (added 2 days ago, 3 views)

PT-2026-54709

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

CVSS 7.5 | AI score 5.9 | EPSS 0.00389
Exploits 0 | References 3
RedHat Linux (added 4 days ago, 3 views)

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00276
Exploits 0 | References 6
OSV (added 4 days ago, 5 views)

PYSEC-2026-411 Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

CVSS 10 | AI score 6 | EPSS 0.00713
Exploits 1 | References 7
OSV (added 4 days ago, 4 views)

PYSEC-2026-553 TorchServe Server-Side Request Forgery vulnerability

Impact: Remote Server-Side Request Forgery (SSRF) Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

CVSS 9.8 | AI score 5.8 | EPSS 0.35256
Exploits 6 | References 8
RedhatCVE (added 4 days ago, 7 views)

CVE-2026-53319

A flaw was found in the Linux kernel's block writeback throttling (blk-wbt) component. The wbtinitenabledefault function used a warning mechanism (WARN_ON_ONCE) for expected failure paths during memory allocation or if writeback throttling was already registered. This could lead to spurious warnings, b...

AI score 5.8 | EPSS 0.00145
Exploits 0 | References 4
CVE (added last week, 24 views)

CVE-2026-52885

Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

CVSS 7.5 | AI score 6 | EPSS 0.00129
Exploits 2 | References 2 | Affected Software 1
Cvelist (added last week, 31 views)

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires (Time-of-Check). However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

CVSS 7.5 | EPSS 0.00129
Exploits 2 | References 2
NVD (added last week, 7 views)

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVSS 4.3 | EPSS 0.00162
Exploits 0 | References 1
CVE (added last week, 7 views)

CVE-2026-55838

CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 1
ATTACKERKB (added last week, 6 views)

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2 | Affected Software 1
Positive Technologies (added 2026/06/26 12:00 a.m., 14 views)

PT-2026-52966

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 5
OSV (added 2026/06/25 10:34 p.m., 5 views)

GO-2026-5409 Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana

Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS 6.5 | AI score 5.9 | EPSS 0.00262
Exploits 0 | References 4
NVD (added 2026/06/25 5:16 p.m., 8 views)

CVE-2026-54024

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

CVSS 6.5 | EPSS 0.00253
Exploits 1 | References 1
EUVD (added 2026/06/25 9:31 a.m., 5 views)

EUVD-2026-39184

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

CVSS 7.2 | AI score 5.9 | EPSS 0.00265
Exploits 0 | References 2