Lucene search
K

465887 matches found

The Hacker News
The Hacker News
added 40 minutes ago2 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 1 hour ago2 views

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066 , has...

6.1AI score
Exploits0
NVD
NVD
added 1 hour ago2 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS
Exploits0References1
GithubExploit
GithubExploit
added 2 hours ago5 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-jms JMS ObjectMessage Unsafe Deserialization Reproducer...

9.8CVSS6.2AI score0.00881EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-41878 Insecure Direct Object Reference in R-SOFT DMS

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42856

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-41878 Insecure Direct Object Reference in R-SOFT DMS

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS
Exploits0References1
CVE
CVE
added 2 hours ago3 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS6.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2 hours ago3 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago7 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-netty-http / camel-vertx-http HTTP-Response Unsafe Deser...

8.1CVSS6.2AI score0.00724EPSS
Exploits1
GithubExploit
GithubExploit
added 3 hours ago9 views

Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit

CVE-2025-20720 — PolyShell: Magento 2 Unauthenticated File Uploa...

8.8CVSS6.5AI score0.00237EPSS
Exploits1
GithubExploit
GithubExploit
added 4 hours ago8 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-infinispan Remote Aggregation Repository Unsafe Deserial...

8.8CVSS6.3AI score0.00711EPSS
Exploits2
NCSC
NCSC
added 5 hours ago4 views

Vulnerabilities found in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust has identified vulnerabilities in the products Remote Support and Privileged Remote Access. These vulnerabilities involve multiple aspects of these products. There is a pre-authentication vulnerability that allows a network-based attacker to bypass authentication checks without prior...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References1
NVD
NVD
added 6 hours ago7 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
NVD
NVD
added 6 hours ago8 views

CVE-2026-15331

A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...

5.5CVSS
Exploits0References9
NVD
NVD
added 6 hours ago6 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-15332 zhayujie CowAgent Message Endpoint channel.py authorization

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
CVE
CVE
added 6 hours ago6 views

CVE-2026-15332

Technical details about CVE-2026-15332 are not publicly available in the provided documents; monitor for updates.

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-42809

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score
Exploits0References6
Rows per page
Query Builder