Lucene search
+L

366229 matches found

CVE
CVE
added 13 minutes ago2 views

CVE-2026-16118 Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added 13 minutes ago2 views

CVE-2026-16118 Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...

7.1CVSS
Exploits0References3
The Hacker News
The Hacker News
added 1 hour ago3 views

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil , which was observed using...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago2 views

Exploit for Server-Side Request Forgery in Sonicwall Sma6210_Firmware

...

10CVSS6.7AI score0.01486EPSS
Exploits5
The Hacker News
The Hacker News
added 2 hours ago4 views

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, an...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 3 hours ago3 views

vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models

Issue Description Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in: - Inconsistency between audio heard by humans e.g., through headphones/regular speakers and...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References7Affected Software1
OSV
OSV
added 3 hours ago2 views

GHSA-6C4R-FMH3-7RH8 vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models

Issue Description Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in: - Inconsistency between audio heard by humans e.g., through headphones/regular speakers and...

5.9CVSS5.5AI score0.00267EPSS
Exploits0References7
The Hacker News
The Hacker News
added 3 hours ago9 views

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog aka APT-Q-27, Dragon Breath, and Miuuti Group, a...

6.2AI score
Exploits0
HackRead
HackRead
added 6 hours ago4 views

“TTF Trap” Phishing Emails Use Fake Font Files to Deliver Windows Malware

An email that appears to contain a shipping document, payment request, or business proposal can infect a Windows…...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 hours ago3 views

Malicious code in govpkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6 When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The...

5.5AI score
Exploits0References3
OSV
OSV
added 6 hours ago3 views

MAL-2026-10770 Malicious code in govpkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6 When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The...

5.5AI score
Exploits0References3
The Hacker News
The Hacker News
added 6 hours ago6 views

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 8 hours ago9 views

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating ta...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 9 hours ago3 views

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Yerevan's Zvartnot...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 9 hours ago5 views

How to use GitHub safely

GitHub is rapidly becoming the go-to platform for sharing software. Originally built for developers to collaborate on code, it now hosts millions of projects ranging from hobby scripts to widely used applications. That popularity, however, has also made it an attractive delivery platform for...

5.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 10 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM Guardium Unified Discovery and Classification (GUDC) container images

Summary Security vulnerabilities have been addressed in the IBM Guardium Unified Discovery and Classification GUDC container images Vulnerability Details CVEID:CVE-2025-0167 DESCRIPTION: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password use...

9.3CVSS7.2AI score0.00723EPSS
Exploits7Affected Software1
The Hacker News
The Hacker News
added 11 hours ago9 views

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 11 hours ago6 views

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 13 hours ago9 views

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by July 19, 2026. T...

9.8CVSS7.5AI score0.01296EPSS
Exploits0
Nuclei
Nuclei
added 15 hours ago29 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.1AI score0.0294EPSS
Exploits2References5
Rows per page
Query Builder