Lucene search
+L

285898 matches found

OSV
OSV
added in 6 hours8 views

UBUNTU-CVE-2026-11386

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References3
NVD
NVD
added 5 hours ago5 views

CVE-2026-62241

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS
Exploits0References2
Richard Bejtlich's blog
Richard Bejtlich's blog
added 5 hours ago2 views

FreeBSD Released the Most Security Advisories in Project History in June 2026

On average, the FreeBSD security team releases about 2 security advisories per month. AI has changed this. In April, the project released 8 advisories, with 6 powered by AI. In May, the count decreased slightly to 7. Today I took a look at the FreeBSD Security Advisory page to check the latest...

6.2AI score
Exploits0
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-45063

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-45060

Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...

6.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 7 hours ago10 views

CVE-2026-62241

CVE-2026-62241 affects the clawvet self-hosted API server (apps/api) prior to 0.7.5. The vulnerability arises from a hard-coded fallback JWT secret ('clawvet-dev-secret-change-me') implemented in auth.ts and shipped as the default in .env.example. Because GET /api/v1/scans returns scan records co...

9.3CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 7 hours ago4 views

CVE-2026-62241

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 7 hours ago9 views

CVE-2026-62241 clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS
Exploits0References2
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-45085

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 7 hours ago4 views

PT-2026-60649

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS6.1AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added yesterday8 views

ACR Stealer: Two observed intrusion chains amid increased threat activity

In this article 1. Campaign 1: WebDAV-based ClickFix with Python loaders and blockchain C2 2. Campaign 2: MSHTA-initiated PowerShell chain with steganographic payload delivery 3. Mitigation and protection guidance 4. References 5. Learn more From late April 2026 to mid-June 2026, Microsoft Defend...

6.4AI score
Exploits0
GithubExploit
GithubExploit
added yesterday18 views

Exploit for CVE-2026-58457

CVE-2026-58457 - Unauthenticated OS Command Injection in Shenz...

9.8CVSS6.2AI score0.01671EPSS
Exploits1
NVD
NVD
added yesterday4 views

CVE-2026-58643

Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...

6.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-62826

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-45334

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model...

5.3CVSS0.00033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-62826

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS6.1AI score
Exploits0References2Affected Software3
CVE
CVE
added yesterday12 views

CVE-2026-62826

CVE-2026-62826 affects Microsoft SharePoint Server where improper neutralization of input during web page generation enables an authorized attacker to spoof over a network. The NVD entry (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, base score 4.6) confirms cross-site scripting vulnerability wi...

4.6CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-62826 Microsoft SharePoint Server Spoofing Vulnerability

...

4.6CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58643

Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...

6.1CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-58643

CVE-2026-58643 describes an improper neutralization of input during web page generation (XSS) in Windows Admin Center, enabling spoofing over a network. Affected component: Windows Admin Center frontend/web page rendering. Root cause: inadequate input handling during page generation. Impact: netw...

6.1CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder