Lucene search
47717 matches found

The Hacker News
added 2026/02/16 12:55 p.m., 19 views

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, moder...

CVSS 10, AI score 7.9, EPSS 0.86091
Exploits: 51

OSV
added 2026/02/16 12:30 p.m., 6 views

GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVSS 4.3, AI score 5.7, EPSS 0.00152
Exploits: 0, References: 4

RedHat Linux
added 2026/02/16 10:49 a.m., 5 views

pybind: Improper use of Pybind

A flaw was found in Ceph. An attacker can allow Ceph to accept any certificate because no certificate context is passed via Pybind to the constructors imaplib.IMAP4_SSL or smtplib.SMTP_SSL. As a result, pybind pybind does not check the server's X.509 certificate, instead accepting any certificate...

AI score 5.8, EPSS 0.00029
Exploits: 0, References: 9

Cvelist
added 2026/02/16 9:58 a.m., 32 views

CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVSS 4.3, EPSS 0.00152
Exploits: 0, References: 1

Rosalinux
added 2026/02/16 7:14 a.m., 12 views

Advisory ROSA-SA-2026-3144

Software: flac 1.3.2 OS: ROSA Virtualization 3.1 unaffected versions = flac-1.3.2-9.rv31.1 affected versions flac-1.3.2-9.rv31.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...

CVSS 7.8, AI score 6.2, EPSS 0.00749
Exploits: 1

Rosalinux
added 2026/02/16 7:7 a.m., 8 views

Advisory ROSA-SA-2026-3134

Software: flac 1.3.2 OS: ROSA Virtualization 2.1 unaffected versions = flac-1.3.2-9.rv3.1 affected versions flac-1.3.2-9.rv3.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...

CVSS 7.8, AI score 6.2, EPSS 0.00749
Exploits: 1

SUSE CVE
added 2026/02/16 12:26 a.m., 4 views

SUSE CVE-2026-23141

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data star...

CVSS 5.5, AI score 5.2, EPSS 0.00123
Exploits: 0, References: 21

Positive Technologies
added 2026/02/16 12:0 a.m., 8 views

PT-2026-20285

CVE-2026-1783 - Oracle WebLogic Server Remote Code Execution Vulnerability CVE ID : CVE-2026-1783 Published : Feb. 16, 2026, 4:19 p.m. | 1 hour, 47 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references...

AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/16 12:0 a.m., 10 views

RHEL 8 : python-urllib3 (RHSA-2026:2728)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2728 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.9, AI score 5.7, EPSS 0.02667
Exploits: 0, References: 8

OSV
added 2026/02/15 10:58 p.m., 1 views

ECHO-4FA3-D9C5-A303

Bulletin has no description...

AI score 5, EPSS 0.00168
Exploits: 0, References: 1

NVD
added 2026/02/15 4:15 p.m., 6 views

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

CVSS 8.1, EPSS 0.00373
Exploits: 2, References: 2

ATTACKERKB
added 2026/02/15 3:29 p.m., 4 views

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

CVSS 7.1, AI score 5.8, EPSS 0.00373
Exploits: 2, References: 3

EUVD
added 2026/02/15 3:29 p.m., 4 views

EUVD-2026-6143

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

CVSS 7.1, AI score 5.8, EPSS 0.00373
Exploits: 2, References: 2

Tenable Nessus
added 2026/02/15 12:0 a.m., 4 views

FreeBSD : munge -- CWE-787: Out-of-bounds Write (17186409-09d2-11f1-a39c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17186409-09d2-11f1-a39c-b42e991fc52e advisory. https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authenticatio...

CVSS 7.8, AI score 6.3, EPSS 0.00302
Exploits: 0, References: 3

Positive Technologies
added 2026/02/15 12:0 a.m., 10 views

PT-2026-8251

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

CVSS 7.1, AI score 5.8, EPSS 0.00373
Exploits: 2, References: 3

Debian CVE
added 2026/02/14 4:1 p.m., 7 views

CVE-2026-23172

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb() function adds page fragments to an skb without checking if the number of fragments has exceeded...

CVSS 8.4, AI score 5.7, EPSS 0.00136
Exploits: 0

OSV
added 2026/02/14 4:1 p.m., 4 views

CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready. list_splice_init_rcu() c...

CVSS 7.8, AI score 5.2, EPSS 0.00129
Exploits: 0, References: 9

OSV
added 2026/02/14 4:1 p.m., 4 views

CVE-2026-23156 efivarfs: fix error propagation in efivar_entry_get()

In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the...

CVSS 7.8, AI score 5.2, EPSS 0.0012
Exploits: 0, References: 8

Debian CVE
added 2026/02/14 3:36 p.m., 4 views

CVE-2026-23141

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data star...

CVSS 5.5, AI score 5.2, EPSS 0.00123
Exploits: 0

Cvelist
added 2026/02/14 3:14 p.m., 31 views

CVE-2026-23134 slab: fix kmalloc_nolock() context check for PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc_nolock() context check for PREEMPT_RT On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ context, but misses the case where...

EPSS 0.00107
Exploits: 0, References: 2