325634 matches found
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-pqc Key-Lifecycle Unsafe Deserialization Reproducer CVE...
Exploit for CVE-2026-58635
CVE-2026-58635: Windows Narrator Braille Local Privilege Escal...
EUVD-2026-44611
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
EUVD-2026-44633
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-61862
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
CVE-2026-58655
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...
Malicious code in rakibox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c59dad78f7e47be7f92d7ab89e245bb096f2e4f8679e73f00934016f1823625 Package is advertised as 'A minimalist Git wrapper tool'. When the user runs the documented rakibox push command, the CLI recursively walks the curre...
CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
CVE-2026-61862
CVE-2026-61862 affects ImageMagick prior to 7.1.2-26 and 6.9.13-51. The issue arises when a profile is displayed via identify and the profile value is not printable; a non-printable value can cause a single byte at the end of the profile to be printed, reading past the profile boundary, in debug ...
CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58655
The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...
Malicious code in syncgrove (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...
Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager
CVE-2019-6447: ES File Explorer Unauthenticated HTTP Service...
Malicious code in northstart-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...
vulnerable-web-app
vulnerable-web-app ⚠️ Intentionally vulnerable. A runna...
OkoBot: new sophisticated malware framework targets cryptocurrency users
Introduction In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of...