Lucene search
+L

5719 matches found

CVE
CVE
added yesterday6 views

CVE-2026-53597

CVE-2026-53597 affects the Prompty markdown format loader: for versions 2.0.0-alpha.1 through 2.0.0-beta.3, the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts did not override executable engines for js/frontmatter, allowing attacker-controlled .prompty file...

8.7CVSS6.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-59867

CVE-2026-59867 affects Kiota, an OpenAPI-based HTTP client code generator. Before 1.32.5, Kiota’s OpenAPI $ref resolution could fetch remote http(s) URLs or read local absolute/out-of-tree file paths, enabling build‑time SSRF, remote file inclusion, and local file inclusion when generating client...

7.1CVSS6.2AI score
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

WordPress Contact Form by Supsystic - Server-Side Template Injection

Contact Form by Supsystic WordPress plugin = 1.7.36 contains a server-side template injection caused by unsandboxed TwigLoaderString and cfsPreFill functionality, letting unauthenticated attackers execute arbitrary code remotely via GET parameters. id: CVE-2026-4257 info: name: WordPress Contact...

9.8CVSS6.3AI score0.41475EPSS
Exploits9References3
NVD
NVD
added 2 days ago9 views

CVE-2026-43637

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS0.00425EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2 days ago4 views

edk2 security, bug fix, and enhancement update

An update is available for edk2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

7.5CVSS7AI score0.00981EPSS
Exploits0
OSV
OSV
added 2 days ago4 views

RLSA-2026:39297 Moderate: edk2 security, bug fix, and enhancement update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-31790 openssl: OpenSS...

7.5CVSS7AI score0.00981EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2 days ago8 views

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/[email protected]...

6.3AI score
Exploits0
NVD
NVD
added 3 days ago8 views

CVE-2026-54684

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolvefileName after a...

7CVSS0.00133EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago5 views

Moderate: Red Hat Security Advisory: edk2 security, bug fix, and enhancement update

An update for edk2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS7.1AI score0.00981EPSS
Exploits0References3
NVD
NVD
added 3 days ago10 views

CVE-2026-58638

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

6CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability

...

6CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-58638

CVE-2026-58638 is a Windows Boot Loader security feature bypass caused by a missing cryptographic step. The vulnerability allows a locally authenticated attacker to bypass a security feature. Public material in connected sources attributes the issue to Windows Boot Loader behavior and notes Micro...

6CVSS6AI score0.00232EPSS
Exploits0References1Affected Software12
Microsoft CVE
Microsoft CVE
added 3 days ago6 views

Windows Boot Loader Security Feature Bypass Vulnerability

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

6CVSS6.1AI score0.00232EPSS
Exploits0
The Hacker News
The Hacker News
added 3 days ago15 views

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the...

6.1AI score
Exploits0
OSV
OSV
added 3 days ago6 views

MAL-2026-10557 Malicious code in @cw-ui/micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago5 views

MAL-2026-10564 Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-58858

Name of the Vulnerable Software and Affected Versions jadx versions 1.5.2 through 1.5.5 Description A path traversal issue exists where a malicious .xapk file can cause the application to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory...

7CVSS6.3AI score0.00133EPSS
Exploits0References5
OSV
OSV
added 4 days ago4 views

MAL-2026-10463 Malicious code in node-path-addon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dbc52a88818bccd5602eb556ea4bf089dac66c44a2bb1ecbd6fddd6723e9d1d node-path-addon presents itself as an extension of the Node.js built-in 'path' module. Its main entry path.js delegates by executing...

6.5AI score
Exploits0References3
OSV
OSV
added 4 days ago2 views

OPENSUSE-SU-2026:21318-1 Security update for jq

This update for jq fixes the following issues - CVE-2026-43896: unbounded recursion in jvobjectmergerecursive can lead to C stack exhaustion and a process crash bsc1265075. - CVE-2026-44777: uncontrolled recursion in ordinary module loader when two valid modules include each other can lead to sta...

7.1CVSS6.2AI score0.00165EPSS
Exploits3References8
Rows per page
Query Builder