Lucene search
+L

726 matches found

GithubExploit
GithubExploit
added 3 hours ago9 views

Exploit for CVE-2026-60137

Compromise Scanner for wp2shell read-only A standalone, r...

9.8CVSS5.7AI score0.08946EPSS
Exploits34
Circl
Circl
added 3 days ago5 views

CVE-2025-66680

creationtimestamp| type| source ---|---|--- 2026-07-16 19:00:27+00:00| seen| Telegram/Go2mbO6T6ENYXGQQscwFrV9HUbwocawJhfgUeLLUItaC9Ko 2026-07-16 19:00:28+00:00| seen| Telegram/V5mTmbk9lnTnZ4jN3rhRcXNWqgo23Po-CHoFPn2rBCSBzO0 2026-07-17 00:00:44+00:00| seen|...

7.1CVSS4.8AI score0.00203EPSS
Exploits1
NVD
NVD
added 2026/07/08 9:16 p.m.8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 9:6 p.m.33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 9:6 p.m.16 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00252EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/08 1:9 p.m.4 views

openssh: Heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS6AI score0.00367EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.15 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References8
Circl
Circl
added 2026/07/01 10:25 a.m.11 views

CVE-2026-11568

creationtimestamp| type| source ---|---|--- 2026-07-01 10:25:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplcipx3vb27 2026-07-01 11:45:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgwjyfwx23...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:16 p.m.9 views

Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/26 12:31 p.m.14 views

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management PDM and Product Lifecycle Management PLM software to its Known Exploited Vulnerabiliti...

9.3CVSS6.7AI score0.01247EPSS
Exploits0
OSV
OSV
added 2026/06/25 6:39 a.m.8 views

MAL-2026-6443 Malicious code in agentsync-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1 On every import / require'agentsync-pkg', src/index.js line 152 resolves bin/native/parser.node and calls require on it: const p =...

6AI score
Exploits0References3
Microsoft Secure
Microsoft Secure
added 2026/06/24 12:30 p.m.35 views

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-service for delivery of infostealers 4. Defending against StealC and Amadey intrusions 5. Microsoft Defender detections 6. Indicators of compromise Infostealers...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/23 4:17 a.m.26 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS0.00367EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 4:17 a.m.5 views

UBUNTU-CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:37 a.m.10 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References4
CVE
CVE
added 2026/06/23 3:37 a.m.98 views

CVE-2026-55654

CVE-2026-55654 describes a heap out-of-bounds read in OpenSSH during GSSAPI indicator cleanup when a trailing NULL termination is missing in the auth-indicators array. A remote attacker in configurations using GSSAPI authentication with Kerberos could trigger a crash/abort in the SSH authenticati...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3Affected Software3
EUVD
EUVD
added 2026/06/23 3:37 a.m.14 views

EUVD-2026-38414

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.14 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-55654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.19 views

Malicious code in @frostnode/waitfor (npm)

@frostnode/waitfor malicious versions 0.9.0, 0.10.3, 0.10.4, and 0.10.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accoun...

6.1AI score
Exploits0References7
Rows per page
Query Builder