Lucene search
K

2405 matches found

Nuclei
Nuclei
added 5 hours ago64 views

ZimaOS <= v1.2.4 - Sensitive Information Disclosure

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS6.1AI score0.20599EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in nodepack-daemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b976e6ab638a52663d25f360bffec6706dc82991ad27c552788a5a4d785ff89f The package presents itself as the popular pino logger README badges, file layout mirroring pino's lib/proto.js, lib/redaction.js, lib/transport.js,...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/07/03 4:6 p.m.7 views

MAL-2026-6746 Malicious code in typescript-util-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5a6bd9cf4dfc55c5c01859852cf26435e42d4b846384d08b80b7d609b27ad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.13 views

Malicious code in @cxp-shared/string-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2cd735ed6a2711ca0dfcb8cb4fee948afe5e923d6b56743b3fd7ee922bd8d14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/22 2:17 p.m.11 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:38 p.m.10 views

EUVD-2026-38249

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/21 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/16 9:6 a.m.12 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image

A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

8.2CVSS6.6AI score0.01438EPSS
Exploits4References9
OSV
OSV
added 2026/06/11 7:16 a.m.10 views

MAL-2026-5587 Malicious code in 0x2ai-demo1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, cwd, recursive: true with cwd=process.env.INITCWD || process.cwd — recursively writing...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/06/11 12:19 a.m.11 views

MAL-2026-5538 Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-27648

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.8CVSS6.2AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-24792

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.1CVSS6.2AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34497

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00158EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 12:17 a.m.7 views

DEBIAN-CVE-2026-11308

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

6.3CVSS5.4AI score0.00099EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.8 views

CVE-2026-11026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00166EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/03 7:7 p.m.25 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.

Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

9.1CVSS7.2AI score0.01557EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/03 7:6 p.m.18 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.

Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

9.1CVSS7.2AI score0.01557EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/27 5:2 a.m.5 views

SUSE CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...

7.3CVSS6.6AI score0.01732EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux - Vulnerability in Firefox and Thunderbird

Using XMLHttpRequest, an attacker could have identified installed applications by analyzing error messages related to loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS6.6AI score0.01714EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, if the library is used in versions outside the box with...

8.5CVSS7.8AI score0.04457EPSS
Exploits1References1
Rows per page
Query Builder