Lucene search
K

194005 matches found

Ivanti
Ivanti
added 2026/12/05 2:0 p.m.23 views

Security Advisory - Ivanti Xtraction (CVE-2026-8043)

Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...

9.6CVSS5.9AI score0.00869EPSS
Exploits0
NVD
NVD
added 24 minutes ago2 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

Exploits0References1
NVD
NVD
added 24 minutes ago2 views

CVE-2026-24014

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

Exploits0References1
CVE
CVE
added 1 hour ago2 views

CVE-2026-24014

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

6AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-24014 Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

Exploits0References1
The Hacker News
The Hacker News
added 1 hour ago2 views

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan RAT called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service MaaS model, costing anywhere between...

6.3AI score
Exploits0
CVE
CVE
added 1 hour ago6 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

Exploits0References1
The Hacker News
The Hacker News
added 3 hours ago11 views

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...

6.1AI score
Exploits0
OSV
OSV
added 3 hours ago2 views

OESA-2026-2879 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 3 hours ago2 views

OESA-2026-2878 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

7.5CVSS6.1AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 3 hours ago2 views

OESA-2026-2877 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 3 hours ago2 views

OESA-2026-2876 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

7.5CVSS6.1AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 3 hours ago2 views

OESA-2026-2869 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A...

9.8CVSS6.2AI score0.00595EPSS
Exploits2References46
OSV
OSV
added 3 hours ago2 views

OESA-2026-2863 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.8CVSS6.3AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 3 hours ago2 views

OESA-2026-2862 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 hours ago5 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 6 hours ago4 views

Malicious code in neon-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe8b090e304f95042a17db9e22edef03d8cdd073a214806e8aa3ebe7b2d138f9 neon-terminal advertises itself as an ANSI color helper but its CJS entry dist/index.cjs and ESM entry src/index.js each execute a shell command at t...

6AI score
Exploits0References7
OSV
OSV
added 6 hours ago2 views

MAL-2026-6793 Malicious code in neon-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe8b090e304f95042a17db9e22edef03d8cdd073a214806e8aa3ebe7b2d138f9 neon-terminal advertises itself as an ANSI color helper but its CJS entry dist/index.cjs and ESM entry src/index.js each execute a shell command at t...

6AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 9 hours ago2 views

PT-2026-55881

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

Exploits0References2
Rows per page
Query Builder