Lucene search
K

770 matches found

CVE
CVE
added 3 days ago10 views

CVE-2026-40257

CVE-2026-40257 affects OP-TEE (Trusted Execution Environment) for Cortex-A with TrustZone. From versions 3.21.0 up to, but not including, 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow, corrupting all TEE kernel me...

5.5CVSS6AI score0.00109EPSS
Exploits0References1Affected Software1
Slackware Linux
Slackware Linux
added 4 days ago6 views

[slackware-security] Slackware 15.0 php82

New php82 packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: extra/php82/php82-8.2.32-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: OpenSSL: Fixed memory corruption zendmmheap corrupted in opensslencrypt...

5.6CVSS6AI score0.00276EPSS
Exploits0
NVD
NVD
added last week4 views

CVE-2026-27433

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS0.0169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 p.m.28 views

CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS0.0169EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 p.m.15 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...

9.8CVSS5.8AI score0.0169EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-7839

UltraVNC repeater up to version 1.8.2.2 contains a hardcoded default admin password that is written during first run when settings2.txt is absent. Specifically, repeater/webgui/settings.c assigns the literal string "adminadmi2" to saved_password (64 bytes) and the HTTP Basic-auth handler wi_decod...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54490

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description The embedded HTTP administration server contains a global buffer overflow. The functions wi senderr and wi replyhdr in repeater/webgui/webutils.c write the HTTP request URI into a fixed...

9.8CVSS6.8AI score0.01203EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 11:17 p.m.2 views

MINI-QM43-25VP-85MC

Bulletin has no description...

6.1CVSS5.7AI score0.00188EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/23 8:1 p.m.8 views

libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

6.5CVSS6.3AI score0.00399EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/22 10:55 a.m.18 views

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials,...

7.2AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

When processing a redirect that conflicts with a Referrer-Policy, Firefox would adopt the Referrer-Policy of the redirect. This could potentially result in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox...

6.5CVSS6.9AI score0.01007EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded Wasm code. This vulnerability affects Firefox versions earlier than 86...

6.5CVSS6.9AI score0.01007EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 4:45 p.m.7 views

MINI-GGQH-JP38-CP89

Bulletin has no description...

6.2CVSS4.8AI score0.00112EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:46 a.m.9 views

Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 8:1 p.m.38 views

CVE-2026-47911 Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 7:55 a.m.11 views

MAL-2026-5359 Malicious code in swap-sdk-87 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Inflated version...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-46356

Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...

7.5CVSS5.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.8 views

CVE-2026-40927

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.5AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder