
64748 matches found

The Hacker News | added 31 minutes ago | 1 view

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working...

CVSS 9.8 | AI score 6.2 | EPSS 0.88505 | Exploits 8
RedhatCVE | added yesterday | 4 views

CVE-2026-55628

A flaw was found in ImageMagick. The -concatenate operation, used for combining images, lacks proper security policy checks. This oversight could allow an attacker to read from or write to file paths that should otherwise be restricted by the security policy. This could lead to unauthorized acces...

CVSS 6.1 | AI score 5.6 | Exploits 0 | References 4
Imperva Blog | added yesterday | 2 views

Code Injection in Perforce Helix Core (CVE-2026-6902)

Executive Summary: In this article, we disclose our latest findings on the Perforce P4 Helix Core protocol between the command-line client and server, and reveal how a threat actor could leverage it to conduct attacks. This security issue affects P4 Helix Core before P4 Helix Core 2025.2 Patch 2,...

CVSS 7.7 | AI score 6.4 | EPSS 0.00449 | Exploits 0
NVD | added yesterday | 3 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | Exploits 0 | References 2
IBM Security Bulletins | added yesterday | 2 views

Security Bulletin: IBM MQ for HPE NonStop is affected by vulnerabilities in OpenSSL

Summary: IBM MQ for HPE NonStop is affected by OpenSSL vulnerabilities CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-2673. Vulnerability Details: CVEID: CVE-2026-28387. DESCRIPTION: Issue summary: An uncommon configuration of clients performi...

CVSS 9.8 | AI score 8 | EPSS 0.00981 | Exploits 0 | Affected Software 1
EUVD | added yesterday | 4 views

EUVD-2026-41153

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | AI score 5.7 | Exploits 0 | References 2
Cvelist | added yesterday | 11 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | Exploits 0 | References 2
CVE | added yesterday | 4 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

CVSS 5.9 | AI score 5.7 | Exploits 0 | References 2
ATTACKERKB | added yesterday | 2 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | AI score 5.7 | Exploits 0 | References 3 | Affected Software 1
OSV | added yesterday | 3 views

GHSA-FXHP-MV3V-67QP `oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause: The tar-extraction helper `ensureLinkPath` at `content/file/utils.go:262-275` validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: `func ensureLinkPath(baseAbs, baseRel, link, target string) (string,...`

CVSS 7.1 | AI score 6 | Exploits 0 | References 3
Github Security Blog | added yesterday | 4 views

`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause: The tar-extraction helper `ensureLinkPath` at `content/file/utils.go:262-275` validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: `func ensureLinkPath(baseAbs, baseRel, link, target string) (string,...`

AI score 6 | Exploits 0 | References 3 | Affected Software 1
OSV | added yesterday | 3 views

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

CVSS 6.9 | AI score 5.7 | Exploits 0 | References 3
Github Security Blog | added yesterday | 5 views

oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

AI score 5.7 | Exploits 0 | References 3 | Affected Software 1
OSV | added yesterday | 2 views

GHSA-F82J-V89J-MF86 SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission

RELATE creates an edge record between two existing records, and SurrealDB enforces the CREATE permission on the edge table for this operation. When the statement included a SET id = edge:existing clause, however, the new edge's id ended up pointing at a record that was already in storage. Rather...

CVSS 4.3 | AI score 5.8 | Exploits 0 | References 4
Github Security Blog | added yesterday | 4 views

SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission

RELATE creates an edge record between two existing records, and SurrealDB enforces the CREATE permission on the edge table for this operation. When the statement included a SET id = edge:existing clause, however, the new edge's id ended up pointing at a record that was already in storage. Rather...

AI score 5.8 | Exploits 0 | References 4 | Affected Software 1
NVD | added yesterday | 3 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

CVSS 6.5 | Exploits 0 | References 1
OSV | added yesterday | 2 views

GHSA-6G9V-7GQ3-P2C6 SurrealDB: Authenticated callers can read fields hidden by field-level SELECT permissions via error messages

A record user with UPDATE access could read field values that field-level SELECT permissions hid from them. Arithmetic operators and extend embedded the raw operand into their error messages, and UPDATE permission checks evaluate against the unreduced document — so triggering such an error agains...

CVSS 4.3 | AI score 5.8 | Exploits 0 | References 3
Github Security Blog | added yesterday | 4 views

SurrealDB: Authenticated callers can read fields hidden by field-level SELECT permissions via error messages

A record user with UPDATE access could read field values that field-level SELECT permissions hid from them. Arithmetic operators and extend embedded the raw operand into their error messages, and UPDATE permission checks evaluate against the unreduced document — so triggering such an error agains...

AI score 5.8 | Exploits 0 | References 3 | Affected Software 1
OSV | added yesterday | 2 views

GHSA-4M82-P8CX-F94J SurrealDB: LIVE query subscriptions survive session state changes, bypassing access controls

A LIVE SELECT subscription records the user's auth state ($auth, $token, $session, $access) when it is registered, and the server uses that recorded state to evaluate the table- and row-level PERMISSIONS clauses for every subsequent notification. The recorded state is never refreshed. When somethin...

CVSS 4.3 | AI score 5.8 | Exploits 0 | References 4
Github Security Blog | added yesterday | 5 views

SurrealDB: LIVE query subscriptions survive session state changes, bypassing access controls

A LIVE SELECT subscription records the user's auth state ($auth, $token, $session, $access) when it is registered, and the server uses that recorded state to evaluate the table- and row-level PERMISSIONS clauses for every subsequent notification. The recorded state is never refreshed. When somethin...

AI score 5.8 | Exploits 0 | References 4 | Affected Software 1