Lucene search
K

152 matches found

CVE
CVE
added 2026/06/30 1:37 p.m.11 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.8 views

EUVD-2026-40324

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.14 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/05 3:31 a.m.29 views

SUSE CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

5.5CVSS6.2AI score0.002EPSS
Exploits0References16
HackRead
HackRead
added 2026/05/17 11:55 a.m.15 views

Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.8 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/30 11:13 p.m.10 views

Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSV
OSV
added 2026/01/30 11:13 p.m.7 views

MAL-2026-611 Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot continues to report a issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via the regulatoryhintuser call. Such invalid...

5.5CVSS6.4AI score0.002EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992676 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that...

5.5CVSS6.2AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.9 views

PT-2025-51252

An SSTI Server-Side Template Injection vulnerability exists in the get dunning letter text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates body text using frappe.render template with a user-supplied context doc. Although Frappe uses a custom...

7.5AI score0.00516EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0038

Malware in sbrugna...

5CVSS6.4AI score0.03326EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1574

Malware in sbrugna...

6.3CVSS6.4AI score0.02403EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3886

Malicious code in bioql PyPI...

9.8CVSS7.9AI score0.0434EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-33055

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00569EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-21910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through...

5.5CVSS6.7AI score0.002EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.5 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0
OSV
OSV
added 2025/04/29 1:15 p.m.5 views

UBUNTU-CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS5.7AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2025/04/01 4:15 p.m.2 views

DEBIAN-CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

5.5CVSS5.7AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 4:15 p.m.3 views

UBUNTU-CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

5.5CVSS6.1AI score0.002EPSS
Exploits0References59
Rows per page
Query Builder