492 matches found

Snyk
added 2026/03/25 5:45 p.m., 4 views

Arbitrary File Upload

Overview: wwbn/avideo is an Audio and Video Platform, or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary File Upload in the saveFile function. An authenticated user with manage permissions on a video can execute arbitrary code on the server by uploading a...

CVSS 8.8, AI score 6.2, EPSS 0.00639
Exploits 1, References 2
OSSF Malicious Packages
added 2026/03/23 10:53 p.m., 7 views

Malicious code in logutilkit (PyPI)

Per source details (source: kam193, 25a26f2dc6e0a8e2ba3bd43492fbffa597b39065e3f3378ea976dcabddf8fbf8): Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In one of the incarnations, the malicious code wa...

AI score 6
Exploits 0, References 4
OSSF Malicious Packages
added 2026/03/23 8:41 p.m., 6 views

Malicious code in apachelicense (PyPI)

Per source details (source: kam193, 9d96d45a87e117e72107d6d6dfbe8c4e94323323bc28ce9accd8ccba39a0a46c): Malicious clone of the legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...

AI score 6
Exploits 0, References 4
Positive Technologies
added 2026/03/13 12:00 a.m., 10 views

PT-2026-25396

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS 3.8, AI score 5.8, EPSS 0.00198
Exploits 1, References 7
Positive Technologies
added 2026/03/10 12:00 a.m., 7 views

PT-2026-24611

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

CVSS 9.1, AI score 5.7, EPSS 0.08691
Exploits 2, References 45
Malwarebytes
added 2026/03/02 8:01 a.m., 8 views

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data; Inside a fake Google security check that becomes a browser RAT; Fake Zoom and Google Meet scams install Teramind: A technical deep dive; How to understand and avoid Advanced Persistent Threats; The Conduent...

AI score 5.9
Exploits 0
Malwarebytes
added 2026/02/23 12:45 p.m., 5 views

Password managers keep your passwords safe, unless…

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...

AI score 5.6
Exploits 0
Schneier on Security
added 2026/02/23 12:03 p.m., 7 views

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

AI score 5.7
Exploits 0
HackRead
added 2026/02/22 7:16 p.m., 6 views

Researchers Demonstrate 27 Attacks Against Major Password Managers

Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data...

AI score 5.4
Exploits 0
RedhatCVE
added 2026/02/22 7:24 a.m., 5 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1, AI score 5.5, EPSS 0.0028
Exploits 0, References 1
Wired Threat Level
added 2026/02/21 11:30 a.m., 9 views

Password Managers Share a Hidden Weakness

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more...

AI score 5.5
Exploits 0
Vulnrichment
added 2026/02/21 4:30 a.m., 3 views

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1, AI score 5.4, EPSS 0.0028
Exploits 0, References 3
Malwarebytes
added 2026/02/19 2:46 p.m., 6 views

AI-generated passwords are a security risk

Using Artificial Intelligence (AI) to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords (words, phrases, patterns) with automated tools until one ...

AI score 5.6
Exploits 0
Patchstack
added 2026/02/18 8:08 a.m., 8 views

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability, discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions <= 3.1....

CVSS 7.2, AI score 5.5, EPSS 0.00597
Exploits 0, References 1, Affected software 1
CVE
added 2026/02/18 6:42 a.m., 19 views

CVE-2026-1937

CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...

CVSS 7.2, AI score 5.7, EPSS 0.00411
Exploits 1, References 4
Packet Storm News
added 2026/02/17 12:00 a.m., 22 views

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, which stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

AI score 5.5
Exploits 0
The Hacker News
added 2026/02/16 6:06 p.m., 10 views

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

AI score 6.2
Exploits 0
CVE
added 2026/02/09 6:28 p.m., 18 views

CVE-2026-24777

OpenProject prior to 17.0.2 allowed users with the Manage Users permission to lock and unlock other users, including application administrators, due to a missing permission check. The issue is fixed in OpenProject 17.0.2. Affected software: OpenProject (web-based project management) with the vuln...

CVSS 6.7, AI score 5.5, EPSS 0.00321
Exploits 0, References 2, Affected software 1
Packet Storm News
added 2026/01/30 12:00 a.m., 4 views

Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models

Transport Layer Security (TLS) is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle (MitM) attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...

AI score 5.7
Exploits 0
RedhatCVE
added 2026/01/27 3:23 p.m., 5 views

CVE-2025-59091

Multiple hardcoded credentials have been identified which allow signing in to the exos 9300 datapoint server running on ports 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

CVSS 9.3, AI score 6, EPSS 0.00759
Exploits 0, References 1