Lucene search
K

3239 matches found

CVE
CVE
added yesterday5 views

CVE-2026-58537

CVE-2026-58537 (Microsoft NAT Helper Components, ipnathlp.dll) is a use-after-free vulnerability that allows an authenticated local attacker to achieve elevation of privileges. The connected sources confirm the flaw and its local-privilege-impact, with Microsoft and CVE listings documenting ipnat...

7.8CVSS6AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM® Db2® is vulnerable to buffer overflow in setgid helper db2flacc which can lead to privilege escalation and instance compromise from an unprivileged shell (CVE-2026-10535)

Summary IBM® Db2® is vulnerable to buffer overflow in setgid helper db2flacc which can lead to privilege escalation and instance compromise from an unprivileged shell. Vulnerability Details CVEID:CVE-2026-10535 DESCRIPTION: IBM Db2 is vulnerable to buffer overflow in setgid helper db2flacc...

6.2AI score
Exploits0Affected Software1
Nuclei
Nuclei
added yesterday47 views

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

6.1CVSS6.4AI score0.44513EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday60 views

WatchGuard Fireware AD Helper Component - Credentials Disclosure

WatchGuard Fireware Threat Detection and Response TDR service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. id: CVE-2020-10532 info: name: WatchGuard Fireware ...

7.5CVSS7AI score0.02762EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in promo-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...

6.2AI score
Exploits0References9
RedHat Linux
RedHat Linux
added last week4 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS5.9AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added last week5 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/07 8:2 p.m.4 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/07 12:58 p.m.8 views

CVE-2026-10659 NULL pointer dereference in Zephyr Dhara FTL disk driver on flash read error during journal resume

The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...

4.7CVSS6.1AI score0.00098EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:14 p.m.5 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:55 p.m.6 views

Malicious code in npm-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc5c1992c3d9f33bca28c1ce098d769809e44a12a671972925815e9890e5e9f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/07/06 10:58 a.m.16 views

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...

6.2AI score
Exploits0
OSV
OSV
added 2026/07/06 8:48 a.m.7 views

USN-8508-1 linux-nvidia-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - GP...

9.8CVSS6.2AI score0.00817EPSS
Exploits9References85
OSV
OSV
added 2026/07/06 6:31 a.m.5 views

OESA-2026-2871 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to t...

9.8CVSS5.8AI score0.00612EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55890

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Insufficient session expiration in the Apache Camel Keycloak Component occurs because the KeycloakSecurityHelper.parseAndVerifyAccessToken...

9.8CVSS6.1AI score0.00411EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56025

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The buildHelperImage function in app/Livewire/Settings/Index.php constructs a Docker build command using the dev helper version field without proper shell escaping. This allows an attacker w...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References7
OSV
OSV
added 2026/07/04 12:0 a.m.5 views

MAL-2026-6788 Malicious code in datefmt-helper (npm)

The npm package datefmt-helper is a supply-chain dropper disguised as a benign date-formatting utility its description reads "dates formatting utility with locale support". The package ships no source repository and places its real behaviour in an install script. A postinstall lifecycle hook...

6.5AI score
Exploits0References3
OSV
OSV
added 2026/07/03 8:55 a.m.4 views

OPENSUSE-SU-2026:21222-1 Security update for systemd

This update for systemd fixes the following issues: Changes in systemd: - Better handle TLS allocation failure bsc1254924. - Disable mounting debugfs by default jscPED-8812. - Import commit 9e8b5afe0fb2061f4a17a3022469dd62f2683960 bsc1267647 bsc1267644 bsc1262305 bsc1263117. - Move systemd-pcrloc...

6AI score
Exploits0References12
NVD
NVD
added 2026/07/02 5:16 p.m.12 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS0.00564EPSS
Exploits0References4
Rows per page
Query Builder