Mageia (added 2026/02/09 7:56 p.m.)

Updated nginx packages fix security vulnerability

MitM injection. CVE-2026-1642...

CVSS 8.2 | AI score 5.5 | EPSS 0.00339
Exploits: 0 | References: 2
Cvelist (added 2026/02/09 7:25 p.m.)

CVE-2026-25491 Craft has a Stored XSS in Entry Types Name

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...

CVSS 4.8 | EPSS 0.0031
Exploits: 1 | References: 3
Cvelist (added 2026/02/09 7:16 p.m.)

CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

CVSS 9.1 | EPSS 0.00469
Exploits: 0 | References: 3
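The MarkUs entry describes the Zip Slip pattern: entry names from an attacker-supplied archive are joined onto a destination directory, so a name containing `../` segments or starting with `/` writes outside that directory. The following is an added example, not MarkUs code: the sample archive is constructed in memory, and the check resolves every entry against the destination and rejects any that escape before a single byte is written.

```python
"""Zip Slip guard: refuse archive entries that would land outside the
destination directory, then extract only the safe ones."""
from __future__ import annotations

import io
import tempfile
import zipfile
from pathlib import Path

# Constructed sample (not a real MarkUs export): two legitimate entries and two
# traversal entries of the kind a Zip Slip payload carries.
SAMPLE_MEMBERS = {
    "assignment.yml": b"short_identifier: A1\n",
    "rubric/criteria.csv": b"name,max_mark\nStyle,10\n",
    "../../../etc/cron.d/evil": b"* * * * * root id > /tmp/pwned\n",
    "/etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
}


def build_sample_zip() -> bytes:
    """Build the sample archive in memory, keeping entry names exactly as
    given (ZipInfo does not normalise '..' or a leading '/')."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in SAMPLE_MEMBERS.items():
            zf.writestr(zipfile.ZipInfo(name), data)
    return buf.getvalue()


def resolve_member(name: str, dest: Path | str) -> Path | None:
    """Map archive entry `name` to its on-disk path under `dest`, or return
    None if it would escape. The comparison is made on fully resolved paths,
    so '..' segments, absolute names, backslash separators and a pre-existing
    symlink inside `dest` are all caught."""
    dest_real = Path(dest).resolve()
    normalized = name.replace("\\", "/")       # archives built on Windows
    if normalized.startswith("/"):
        return None                            # joining would discard `dest`
    candidate = (dest_real / normalized).resolve()
    try:
        rel = candidate.relative_to(dest_real)
    except ValueError:                         # not under dest at all
        return None
    if str(rel) == ".":                        # entry maps onto dest itself
        return None
    return candidate


def safe_extract(zip_bytes: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract into `dest`, skipping entries that fail resolve_member().
    Files are written directly rather than via ZipFile.extract(), so a bad
    name is rejected and reported instead of being silently rewritten.
    Returns (extracted names, rejected names)."""
    extracted: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_member(info.filename, dest)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> tuple[list[str], list[str]]:
    """Run the guard over the sample archive in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_zip(), Path(tmp))


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    print("rejected: ", bad)
```

The check is done on the resolved path rather than by string-matching `..`, because an entry such as `a/../../x` or a destination subdirectory that is already a symlink would pass a textual filter. Python's own `ZipFile.extract()` strips such names silently; a server that accepts uploads should reject and log them instead, since a traversal entry is a reliable indicator of a malicious upload.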
NVD (added 2026/02/09 7:15 p.m.)

CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0...

CVSS 9.1 | EPSS 0.00489
Exploits: 0 | References: 2
OSV (added 2026/02/09 7:15 p.m.)

UBUNTU-CVE-2026-24675

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.9 | EPSS 0.00467
Exploits: 0 | References: 4
OSV (added 2026/02/09 7:15 p.m.)

UBUNTU-CVE-2026-24679

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0...

CVSS 9.1 | AI score 5.8 | EPSS 0.00489
Exploits: 0 | References: 4
OSV (added 2026/02/09 7:15 p.m.)

UBUNTU-CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 4
CVE (added 2026/02/09 6:58 p.m.)

CVE-2026-25598

The CVE-2026-25598 issue affects Harden-Runner (GitHub Actions Community Tier) prior to version 2.14.2. The root cause is that outbound traffic using socket calls sendto, sendmsg, and sendmmsg could bypass audit logging when egress-policy is set to audit, enabling potential evasion of monitoring....

CVSS 6.3 | AI score 5.4 | EPSS 0.00313
Exploits: 0 | References: 2 | Affected software: 1
CVE (added 2026/02/09 6:22 p.m.)

CVE-2026-24683

FreeRDP vulnerability CVE-2026-24683 affects the FreeRDP Remote Desktop Protocol implementation where ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization. A concurrent channel close can free or reinitialize the callback, leading to a use-a...

CVSS 8.7 | AI score 5.5 | EPSS 0.00467
Exploits: 0 | References: 2 | Affected software: 1
Debian CVE (added 2026/02/09 6:20 p.m.)

CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.3 | EPSS 0.00467
Exploits: 0
ATTACKERKB (added 2026/02/09 6:19 p.m.)

CVE-2026-24680

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering a use-after-free report under ASan. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.6 | EPSS 0.00423
Exploits: 0 | References: 3 | Affected software: 1
HackRead (added 2026/02/09 10:46 a.m.)

China-Linked DKnife Spyware Hijacking Internet Routers Since 2019

Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks...

AI score 5.5
Exploits: 0
Malwarebytes (added 2026/02/09 8:01 a.m.)

A week in security (February 2 – February 8)

Last week on Malwarebytes Labs: Apple Pay phish uses fake support calls to steal payment details; Open the wrong "PDF" and attackers gain remote access to your PC; Flock cameras shared license plate data without permission; Grok continues producing sexualized images after promised fixes; Firefox is...

AI score 5.7
Exploits: 0
NVD (added 2026/02/09 6:16 a.m.)

CVE-2026-22613

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...

CVSS 5.7 | EPSS 0.00154
Exploits: 0 | References: 1
ATTACKERKB (added 2026/02/09 5:39 a.m.)

CVE-2026-22613

(Same description as the NVD entry for CVE-2026-22613 above.)

CVSS 5.7 | AI score 5.4 | EPSS 0.00154
Exploits: 0 | References: 2
Vulnrichment (added 2026/02/09 5:39 a.m.)

CVE-2026-22613

(Same description as the NVD entry for CVE-2026-22613 above.)

CVSS 5.7 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 1
Cvelist (added 2026/02/09 5:39 a.m.)

CVE-2026-22613

(Same description as the NVD entry for CVE-2026-22613 above.)

CVSS 5.7 | EPSS 0.00154
Exploits: 0 | References: 1
Vulnrichment (added 2026/02/09 3:24 a.m.)

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks an HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a man-in-the-middle (MITM) attack, communications with the web server could be sniffed. The affected products and...

CVSS 8.8 | AI score 5.3 | EPSS 0.00308
Exploits: 0 | References: 1
Cvelist (added 2026/02/09 3:24 a.m.)

CVE-2025-66600

(Same description as the Vulnrichment entry for CVE-2025-66600 above.)

CVSS 8.8 | EPSS 0.00308
Exploits: 0 | References: 1
CVE (added 2026/02/09 3:24 a.m.)

CVE-2025-66600

Summary: CVE-2025-66600 affects Yokogawa FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) versions R9.01–R10.04. The issue stems from missing HTTP Strict Transport Security (HSTS) configuration, enabling an attacker to perform MITM on the web server communications. The connected docum...

CVSS 8.8 | AI score 5.2 | EPSS 0.00308
Exploits: 0 | References: 1
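The three CVE-2025-66600 entries above all come down to one missing response header. The following is an added example, not Yokogawa code: it parses constructed HTTPS response heads (not captured from FAST/TOOLS) and flags a Strict-Transport-Security header that is absent, non-numeric, set to zero, shorter than a one-year threshold (an assumption of this example, taken from the HSTS preload requirements; the advisory sets no number) or missing includeSubDomains, which is the check a scanner or a post-upgrade verification script would run.

```python
"""HSTS policy check: parse an HTTPS response head and flag a missing or
weak Strict-Transport-Security header."""
from __future__ import annotations

# One year in seconds. Assumed threshold for this example; the HSTS preload
# list requires at least this much, the advisory itself sets no number.
MIN_MAX_AGE = 31_536_000


def parse_response_headers(raw: str) -> dict[str, str]:
    """Split an HTTP response head into a dict keyed by lower-cased header
    name. The first occurrence of a repeated header wins; that is enough
    for this check."""
    headers: dict[str, str] = {}
    lines = raw.split("\r\n")
    for line in lines[1:]:              # skip the status line
        if not line:
            break                       # blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers


def parse_hsts(value: str) -> dict[str, str]:
    """Parse the directive list of an HSTS header value (RFC 6797 section
    6.1), e.g. 'max-age=31536000; includeSubDomains; preload'. Directive
    names are case-insensitive; valueless directives map to ''."""
    directives: dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def assess_hsts(raw_response: str) -> list[str]:
    """Return findings for one HTTPS response head; an empty list means the
    policy is acceptable under this example's thresholds."""
    headers = parse_response_headers(raw_response)
    value = headers.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header: a MITM can keep the "
                "client on plain HTTP and read or rewrite the session"]
    d = parse_hsts(value)
    findings: list[str] = []
    age = d.get("max-age")
    if age is None or not age.isdigit():
        findings.append("max-age missing or non-numeric: browsers ignore the header")
    elif int(age) == 0:
        findings.append("max-age=0 deletes any cached policy rather than setting one")
    elif int(age) < MIN_MAX_AGE:
        findings.append(f"max-age={age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains stay reachable over HTTP")
    return findings


# Constructed response heads for the demo (not captured from any product).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
SHORT_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=600\r\n"
    "\r\n"
)
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("short", SHORT_RESPONSE),
                        ("fixed", FIXED_RESPONSE)):
        print(label, assess_hsts(resp) or ["ok"])
```

Two caveats when reading the result. Browsers only honour the header when it arrives over a trusted TLS connection, so it must be served on the HTTPS responses (in nginx, `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`), and the plain-HTTP listener should still redirect to HTTPS. And the policy is trust-on-first-use: until a client has seen the header once, its first request can still be intercepted, which is why a long max-age and, where possible, preloading matter.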