Lucene search
K

7803 matches found

OSV
OSV
added 10 hours ago4 views

ROOT-OS-UBUNTU-2204-CVE-2023-53093 CVE-2023-53093 in rootio-linux - Patched by Root

Root has patched CVE-2023-53093 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.9AI score0.00164EPSS
Exploits0
OSV
OSV
added 12 hours ago6 views

ROOT-OS-DEBIAN-12-CVE-2024-56742 CVE-2024-56742 in rootio-linux - Patched by Root

Root has patched CVE-2024-56742 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS7.8AI score0.00201EPSS
Exploits0
OSV
OSV
added 12 hours ago4 views

BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago13 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago92 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8CVSS6.9AI score0.13425EPSS
Exploits1References5
OSV
OSV
added yesterday3 views

MAL-2026-10506 Malicious code in node-fsagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into 200MB chunks, reconstructs an npm registr...

6.1AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in node-fsagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into 200MB chunks, reconstructs an npm registr...

6.1AI score
Exploits0References10
The Hacker News
The Hacker News
added yesterday7 views

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...

6.1AI score
Exploits0
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-56254

CVE-2026-56254 affects "@capgo/capacitor-updater" prior to version 12.128.2. The end‑to‑end encryption scheme distributes the private key to every device that downloads the app, allowing the public key to be derived from the private key. This enables an attacker who can perform a MITM attack or c...

8.3CVSS6.1AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-61474 MISP: Improper sharing group authorization check when adding attributes

An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...

5.3CVSS0.00244EPSS
Exploits0References1
Snyk
Snyk
added 6 days ago5 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...

6.9CVSS6.1AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
CVE
CVE
added 6 days ago15 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.00269EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42012

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...

9.8CVSS6AI score0.00303EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.5 views

Security update for distribution (important)

openSUSE security update: security update for distribution ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21084-1 Rating: important References: bsc1265429 bsc1265788 bsc1266049 bsc1266629 Cross-References: CVE-2026-33814 CVE-2026-39821 CVE-2026-398...

9.1CVSS6.5AI score0.00781EPSS
Exploits1References4
OSV
OSV
added 2026/06/25 9:58 p.m.4 views

GHSA-54VG-PFH7-JQ95 Lemur: Crafted CRL/OCSP URLs in uploaded certificates lead to post-authentication SSRF

Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...

6.3CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.2 views

GO-2026-5185 Distribution's tag deletion bypasses `storage.delete.enabled` configuration in github.com/distribution/distribution

Distribution's tag deletion bypasses storage.delete.enabled configuration in github.com/distribution/distribution...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5094 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References3
Rows per page
Query Builder