Lucene search
K

3415 matches found

Securelist
Securelist
added 3 days ago6 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

6.6AI score
Exploits0
CVE
CVE
added 6 days ago13 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS5.9AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres...

6AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:38 p.m.19 views

CVE-2026-11310

The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53234

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres cleanup phase, which runs after emacremove returns. This creates a...

0.00176EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39325

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres cleanup phase, which runs after emacremove returns. This creates a...

5.7AI score0.00176EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:39 a.m.10 views

CVE-2026-53234

The CVE-2026-53234 entry describes a Linux kernel net/ibm emac use-after-free caused by using devm_register_netdev(), which defers unregister_netdev() to the devres cleanup phase after emac_remove() returns, creating a window where handlers may access freed resources (dev->emacp, dev->mal)....

5.7AI score0.00176EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 5:19 p.m.33 views

CVE-2026-49406 Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
OSV
OSV
added 2026/06/19 2:35 p.m.6 views

GHSA-VM85-HXW5-5432 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: For clk: imx: clk-imx8mp, the error handling in imx8mpclocksprobe has been improved. ofiomap and kzalloc have been replaced with devmofiomap and devmkzalloc. This allows for automatic release of the associated memory when the...

5.5AI score0.002EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brdfiamac – Check for the probe id argument being NULL The probe id argument may be NULL in two scenarios: 1. When brdfiamacpciepmleaveD3 calls brdfiamacpcieprobe to reprobe the device. 2. When a user attempts to manually...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a UAF Use-after-Free in LED devices during unbinding. LED devices created by HD-audio codec drivers are registered using devmledclassdevregister, and they are associated with the HD-audio codec device...

7.8CVSS5.2AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.8 views

CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS0.00343EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 7:52 p.m.56 views

VulnAnalyzer

🔍 VulnAnalyzer 2.1 A comprehensive automated vulnerability...

6AI score
Exploits0
OSV
OSV
added 2026/06/10 1:39 p.m.11 views

GHSA-8QHJ-4F8C-J8QG Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

7.1CVSS5.7AI score0.00123EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.33 views

Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

7.1CVSS5.7AI score0.00123EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

7.1CVSS5.2AI score0.00123EPSS
Exploits0References6
Rows per page
Query Builder