Lucene search
K

125068 matches found

Github Security Blog
Github Security Blog
added 18 minutes ago2 views

Dragonfly scheduler v1 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.3AI score
Exploits0References9Affected Software1
The Hacker News
The Hacker News
added 2 hours ago4 views

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security MOIS has been wielding a previously undocumented modular command-and-control C2 framework dubbed Cavern aka Cav3rn targeting Israeli organizations. The activity, which has primarily singled out IT providers and...

6.6AI score
Exploits0
Github Security Blog
Github Security Blog
added 3 hours ago4 views

Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)

Description When a host pushes a CLR object into a Scriban TemplateContext via the standard, documented pattern — var so = new ScriptObject; so"user" = currentUser; // direct CLR reference context.PushGlobalso; — TypedObjectAccessor exposes every public-getter property for both reading and writin...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 3 hours ago0 views

GHSA-7JVP-HJ45-2F2M Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)

Description When a host pushes a CLR object into a Scriban TemplateContext via the standard, documented pattern — var so = new ScriptObject; so"user" = currentUser; // direct CLR reference context.PushGlobalso; — TypedObjectAccessor exposes every public-getter property for both reading and writin...

8.7CVSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 4 hours ago1 views

Security Bulletin: Vulnerability in golang.org/x/net package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage include the golang.org/x/net package. It cause a running server to panic. CVE-2026-27141 Vulnerability Details CVEID:CVE-2026-27141 DESCRIPTION: Due to missing nil check, sending 0x0a-0x0f HTTP/2...

7.5CVSS5.9AI score0.00501EPSS
Exploits0Affected Software2
NVD
NVD
added 4 hours ago4 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-59152 Arbitrary server-side file read in LangSmith SDK TracingMiddleware

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS
Exploits0References1
CVE
CVE
added 6 hours ago8 views

CVE-2026-59152

The LangSmith Client SDKs’ TracingMiddleware had a vulnerability before version 0.8.18 where an HTTP request to a server running TracingMiddleware could trigger reading an arbitrary file from the server’s filesystem and uploading it to LangSmith as a trace attachment. This enables a trust-boundar...

5CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-41879

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 6 hours ago4 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.1AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 hours ago3 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 6 hours ago4 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 6 hours ago4 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.6CVSS6AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 7 hours ago8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 7 hours ago7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.66 packages and security update

Red Hat OpenShift Container Platform release 4.15.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

10CVSS7AI score0.01945EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 7 hours ago5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 7 hours ago6 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.15.66 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

9.8CVSS6AI score0.00563EPSS
Exploits13References5
BDU FSTEC
BDU FSTEC
added 8 hours ago10 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.00121EPSS
Exploits0References5Affected Software2
The Hacker News
The Hacker News
added 9 hours ago6 views

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...

6AI score
Exploits0
Rows per page
Query Builder