Lucene search
+L

27439 matches found

OSV
OSV
added 10 hours ago2 views

OESA-2026-3027 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS5.7AI score0.00144EPSS
Exploits0References4
ICS
ICS
added 3 days ago5 views

remorses/genql code injection

RISK EVALUATION remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is...

7.1CVSS5.6AI score0.00254EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago11 views

Malicious code in @yeaft/webchat-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9c505d42f1b2b4f64592abbf753ebf4b8eb5e11d359bc4fb8b8a9a9db3ec36e On startup the agent opens a WebSocket to a configurable server SERVERURL / config.serverUrl, default ws://localhost:3456 and dispatches...

6.5AI score
Exploits0References1
OSV
OSV
added 3 days ago3 views

MAL-2026-10723 Malicious code in @yeaft/webchat-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9c505d42f1b2b4f64592abbf753ebf4b8eb5e11d359bc4fb8b8a9a9db3ec36e On startup the agent opens a WebSocket to a configurable server SERVERURL / config.serverUrl, default ws://localhost:3456 and dispatches...

6.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 3 days ago9 views

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earni...

9.8CVSS7.3AI score0.01045EPSS
Exploits2
The Hacker News
The Hacker News
added 3 days ago11 views

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight, and modular," Elastic Security Labs researcher Cyril François said in a...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 3 days ago14 views

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

ClickLock Stealer , a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents...

6.1AI score
Exploits0
ICS
ICS
added 3 days ago4 views

Rockwell Automation Flex 5000 Adapter

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

8.7CVSS6.1AI score0.00253EPSS
Exploits0References13
ICS
ICS
added 3 days ago11 views

Rockwell Automation CompactLogix, ControlLogix, Compact GuardLogix and GuardLogix

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...

6.1AI score
Exploits0References13
ICS
ICS
added 3 days ago5 views

NASA Core Flight System (cFS) Health & Safety (HS) Application

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

8.2CVSS6.1AI score0.00358EPSS
Exploits0References13
ICS
ICS
added 3 days ago4 views

Rockwell Automation Arena

ADVISORY SUMMARY Successful exploitation these vulnerabilities could allow an attacker to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize...

6.3AI score
Exploits0References13
ICS
ICS
added 3 days ago4 views

Rockwell Automation FactoryTalk DataMosaix

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts on the server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network...

8.4CVSS6.2AI score0.00311EPSS
Exploits0References13
ICS
ICS
added 3 days ago5 views

SALTO ProAccess Space

ADVISORY SUMMARY Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials...

7.1CVSS6AI score0.00192EPSS
Exploits0References11
ICS
ICS
added 3 days ago4 views

Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

8.7CVSS6.1AI score0.00178EPSS
Exploits0References13
ICS
ICS
added 3 days ago14 views

AutomationDirect Productivity Suite

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker with local or physical access to cause memory corruption, unintended information disclosure, application instability, or a denial-of-service condition in the affected product. 2. RECOMMENDED PRACTICES CISA...

6.1AI score
Exploits0References13
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Fedora 44 : perl-HTTP-Date (2026-8cec3cbf5b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8cec3cbf5b advisory. Changes: 6.08 2026-07-09 02:04:21Z - SECURITY Reject input longer than 64 characters in parsedate to prevent quadratic regex backtracking a denial of service...

5.4AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-50183

WWBN AVideo is an open source video platform. Versions 29.0 and below contain a stored Cross-Site Scripting vulnerability in the YouTubeAPI plugin. The plugin renders the snippet.title field returned by the YouTube Data API into the homepage gallery markup with no HTML encoding. The title is set ...

4.7CVSS0.00162EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-15921

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-15921 nvm path traversal via a malicious mirror's LTS codename writes outside the alias directory

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS0.00225EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-44818

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS6.4AI score0.00225EPSS
Exploits0References2
Rows per page
Query Builder