Lucene search
K

325634 matches found

GithubExploit
GithubExploit
added 1 hour ago7 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc Key-Lifecycle Unsafe Deserialization Reproducer CVE...

8.8CVSS6.3AI score0.00485EPSS
Exploits1
GithubExploit
GithubExploit
added 1 hour ago6 views

Exploit for CVE-2026-58635

CVE-2026-58635: Windows Narrator Braille Local Privilege Escal...

7.8CVSS6.3AI score
Exploits1
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44611

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44633

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References3
NVD
NVD
added 2 hours ago4 views

CVE-2026-61862

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-58655

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS
Exploits0References2
The Hacker News
The Hacker News
added 2 hours ago5 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago4 views

Malicious code in rakibox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c59dad78f7e47be7f92d7ab89e245bb096f2e4f8679e73f00934016f1823625 Package is advertised as 'A minimalist Git wrapper tool'. When the user runs the documented rakibox push command, the CLI recursively walks the curre...

6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 3 hours ago1 views

CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
CVE
CVE
added 3 hours ago3 views

CVE-2026-61862

CVE-2026-61862 affects ImageMagick prior to 7.1.2-26 and 6.9.13-51. The issue arises when a profile is displayed via identify and the profile value is not printable; a non-printable value can cause a single byte at the end of the profile to be printed, reading past the profile boundary, in debug ...

2.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References2
CVE
CVE
added 3 hours ago3 views

CVE-2026-58655

The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...

8.8CVSS6.3AI score
Exploits0References2
The Hacker News
The Hacker News
added 3 hours ago4 views

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago5 views

Malicious code in syncgrove (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...

6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 3 hours ago6 views

Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager

CVE-2019-6447: ES File Explorer Unauthenticated HTTP Service...

8.1CVSS7AI score0.6202EPSS
Exploits9
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago4 views

Malicious code in northstart-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...

6.3AI score
Exploits0References4
GithubExploit
GithubExploit
added 4 hours ago11 views

vulnerable-web-app

vulnerable-web-app ⚠️ Intentionally vulnerable. A runna...

6.1AI score
Exploits0
Securelist
Securelist
added 4 hours ago2 views

OkoBot: new sophisticated malware framework targets cryptocurrency users

Introduction In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of...

6.3AI score
Exploits0
Rows per page
Query Builder