Lucene search
K

325760 matches found

Vulnrichment
Vulnrichment
added 10 hours ago3 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago5 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 10 hours ago3 views

CVE-2026-58655

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-44633

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References2
CVE
CVE
added 10 hours ago5 views

CVE-2026-58655

The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...

8.8CVSS6.3AI score
Exploits0References2
The Hacker News
The Hacker News
added 10 hours ago5 views

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 10 hours ago6 views

Malicious code in syncgrove (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...

6.1AI score
Exploits0References1
OSV
OSV
added 10 hours ago2 views

MAL-2026-10680 Malicious code in syncgrove (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...

6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 10 hours ago20 views

Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager

CVE-2019-6447: ES File Explorer Unauthenticated HTTP Service...

8.1CVSS7AI score0.6202EPSS
Exploits9
OSSF Malicious Packages
OSSF Malicious Packages
added 11 hours ago5 views

Malicious code in northstart-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...

6.3AI score
Exploits0References4
OSV
OSV
added 11 hours ago4 views

MAL-2026-10672 Malicious code in northstart-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...

6.3AI score
Exploits0References4
GithubExploit
GithubExploit
added 11 hours ago24 views

vulnerable-web-app

vulnerable-web-app ⚠️ Intentionally vulnerable. A runna...

6.1AI score
Exploits0
Securelist
Securelist
added 11 hours ago4 views

OkoBot: new sophisticated malware framework targets cryptocurrency users

Introduction In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of...

6.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 11 hours ago3 views

Security Bulletin: Multiple vulnerabilities in python affects AIX/VIOS.

Summary Integer overflow and use after may cause memory corruption and denial of service. Vulnerability Details CVEID:CVE-2026-56403 DESCRIPTION: libexpat before 2.8.2 has an integer overflow in storeAtts. CWE:CWE-190: Integer Overflow or Wraparound CVSS Source: NVD CVSS Base score: 6.9 CVSS...

6.9CVSS6.1AI score0.00105EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 11 hours ago1 views

erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS6AI score0.00338EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 11 hours ago2 views

Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6CVSS6.1AI score0.00266EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 11 hours ago2 views

Security update for glib-networking

This update for glib-networking fixes the following issue CVE-2026-10028: two certificates which are each signed by the other can lead to an infinite loop bsc1267979. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

5.3CVSS6.1AI score0.00184EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 11 hours ago2 views

Security update for python-paramiko

This update for python-paramiko fixes the following issues: CVE-2026-44405: data integrity compromise due to allowed SHA-1 algorithm use bsc1264225. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

6.3CVSS6.3AI score0.00114EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 11 hours ago3 views

Security Bulletin: Multiple vulnerabilities in Python affects AIX/VIOS.

Summary Integer overflow and use after may cause memory corruption and denial of service. Vulnerability Details CVEID:CVE-2026-56403 DESCRIPTION: libexpat before 2.8.2 has an integer overflow in storeAtts. CWE:CWE-190: Integer Overflow or Wraparound CVSS Source: NVD CVSS Base score: 6.9 CVSS...

6.9CVSS6.1AI score0.0011EPSS
Exploits0Affected Software2
SUSE Linux
SUSE Linux
added 11 hours ago3 views

Security update for glibc

This update for glibc fixes the following issues CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write bsc1263656. CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure bsc1263658. Patch...

5.3CVSS6.1AI score0.00311EPSS
Exploits0References8
Rows per page
Query Builder