Lucene search
K

1151418 matches found

The Hacker News
The Hacker News
added 1 hour ago6 views

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025...

6AI score
Exploits0
Github Security Blog
Github Security Blog
added 1 hour ago0 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

Exploits0References4Affected Software1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42029

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 3 hours ago5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers. CVE-2025-27789 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

6.2CVSS6.5AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 4 hours ago5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs. CVE-2026-8723 The vulenrabilty have been addressed. Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat:...

6.3CVSS7.1AI score0.00351EPSS
Exploits0Affected Software2
PyPA
PyPA
added 4 hours ago3 views

Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

ImpactThe reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result.Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is different than the number of output...

8.1CVSS7.3AI score0.00523EPSS
Exploits1References7Affected Software1
NVD
NVD
added 4 hours ago4 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...

3.2CVSS5.9AI score0.00138EPSS
Exploits0Affected Software2
Vulnrichment
Vulnrichment
added 5 hours ago1 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

Exploits0References2
CVE
CVE
added 5 hours ago5 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 7 hours ago3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

9.6CVSS6.8AI score0.00743EPSS
Exploits1Affected Software1
NVD
NVD
added 9 hours ago3 views

CVE-2026-27790

Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...

2.7CVSS
Exploits0References1
NVD
NVD
added 9 hours ago4 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS
Exploits0References1
NVD
NVD
added 9 hours ago3 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 10 hours ago2 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score
Exploits0References1
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-42002

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 10 hours ago2 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 10 hours ago9 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS
Exploits0References1
Rows per page
Query Builder