Lucene search
K

167 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 6:7 a.m.7 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Eclipse Netty and Eclipse Vert.x Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and...

10CVSS5.7AI score0.00606EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/05/20 9:21 a.m.11 views

EUVD-2026-31083

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

10CVSS5.7AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 6:16 p.m.28 views

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

8.6CVSS0.0024EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Windmill 安全漏洞

Windmill is a low-code development platform open source by Windmill Labs, Inc. Versions of Windmill prior to 1.703.2 contained security vulnerabilities. These vulnerabilities stemmed from the binding and mounting of directories under /etc in the nsjail sandbox configuration file without any...

8.6CVSS5.9AI score0.0024EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2026/05/15 12:0 a.m.84 views

Windows Snipping Tool - NTLMv2 Hash Hijack

Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack Date: 2026-04-22 Exploit Author: nu11secur1ty Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 Vendor Homepage: https://www.microsoft.com Software Link: Built-in Windows Snipping Tool Version: Windows 10, Windows 11,...

4.3CVSS5.8AI score0.03447EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2026/05/07 12:12 a.m.15 views

Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

9.1CVSS5.8AI score0.00818EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/04/07 5:8 a.m.168 views

Exploit for Improper Restriction of XML External Entity Reference in Cisco Secure_Endpoint

--- tags: hackthebox, linux, hard, cve-2023-23946, cve-2023-200...

7.5CVSS6.8AI score0.06675EPSS
Exploits7
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source library written in JavaScript that handles exceptional situations. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP versions prior to 28.4.2, 27.3.4.10, and 26.2.5.19 have security vulnerabilities; these vulnerabilities stem from the...

6.3CVSS5.8AI score0.00269EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Bouncy Castle vulnerabilities (USN-8108-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8108-1 advisory. It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search...

7.5CVSS6.8AI score0.011EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 5:51 p.m.5 views

USN-8108-1 bouncycastle vulnerabilities

It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search filter. An attacker could possibly use this issue to perform an LDAP injection attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS...

7.5CVSS6.7AI score0.011EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.3 views

EulerOS 2.0 SP11 : unbound (EulerOS-SA-2026-1623)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...

7.1CVSS6.9AI score0.00311EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : kernel-4.18.0-240.15.1.el8 (AXSA:2021-1528:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1528:05 advisory. kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events CVE-2020-24490 kernel: Asianux only CVE-2020-12351...

8.8CVSS7.5AI score0.07693EPSS
Exploits10References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.8 views

EulerOS 2.0 SP10 : unbound (EulerOS-SA-2026-1060)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...

7.1CVSS6.8AI score0.00311EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/12/26 2:44 p.m.9 views

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat APT group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System DNS requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity,...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/12/24 7:0 a.m.12 views

Evasive Panda APT poisons DNS requests to deliver MgBot

Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/19 6:20 a.m.8 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.6CVSS6.9AI score0.0325EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/10/27 12:0 a.m.5 views

Unbound DNS Resolver < 1.24.2 Domain Hijacking Vulnerabilities

Unbound DNS Resolver is prone to a domain hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1CVSS6.2AI score0.00311EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-4372

Malware in sbrugna...

7.8CVSS6.4AI score0.02138EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-2954

Malware in sbrugna...

6.1CVSS6.3AI score0.01815EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-41305

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00782EPSS
Exploits0References2
Rows per page
Query Builder