2279622 matches found

Packet Storm News
added 2026/12/29 12:0 a.m., 248 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8 AI score
Exploits: 0

GithubExploit
added 1 hour ago, 5 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2026-26114 Use only in a lab or on authorized systems...

8.8 CVSS, 0.02408 EPSS
Exploits: 1

NVD
added 2 hours ago, 4 views

CVE-2026-59234

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9 CVSS
Exploits: 0, References: 3

ATTACKERKB
added 3 hours ago, 2 views

CVE-2026-59234

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9 CVSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 3 hours ago, 5 views

CVE-2026-59234 Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9 CVSS
Exploits: 0, References: 3

CVE
added 3 hours ago, 3 views

CVE-2026-59234

This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id}. The delete logic uses Calendar::find($id)->delete(...

6.9 CVSS, 6 AI score
Exploits: 0, References: 3

EUVD
added 3 hours ago, 2 views

EUVD-2026-41539

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9 CVSS, 6 AI score
Exploits: 0, References: 3

IBM Security Bulletins
added 3 hours ago, 6 views

Security Bulletin: Vulnerability in BIND (CVE-2026-3592, CVE-2026-5946) affects AIX/ VIOS.

Summary CVE-2026-3592: Resolver queries a specially crafted zone containing self-pointed glue records, causing disproportionate resource consumption. CVE-2026-5946: Specially crafted DNS messages using non-IN classes e.g., CHAOS, HESIOD, ANY, NONE trigger assertion failures, terminating the named...

7.5 CVSS, 5.9 AI score, 0.0181 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 3 hours ago, 4 views

Security Bulletin: Vulnerability in BIND (CVE-2026-1519) affects AIX/ VIOS.

Summary When a BIND 9 resolver performs DNSSEC validation on a maliciously crafted DNS zone, an attacker can trigger excessive NSEC3 iterations during insecure delegation validation. This causes the named process to consume excessive CPU resources, potentially making the resolver unavailable...

7.5 CVSS, 6 AI score, 0.01545 EPSS
Exploits: 0, Affected Software: 2

BDU FSTEC
added 3 hours ago, 15 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS, 7 AI score, 0.00385 EPSS
Exploits: 0, References: 11, Affected Software: 9

BDU FSTEC
added 3 hours ago, 14 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10 CVSS, 7.2 AI score, 0.00709 EPSS
Exploits: 1, References: 11, Affected Software: 9

IBM Security Bulletins
added 3 hours ago, 4 views

Security Bulletin: Vulnerability in BIND (CVE-2025-13878) affects AIX/ VIOS.

Summary A remote attacker can send or trigger processing of malformed BRID/HHIT DNS resource records, causing the named daemon to terminate unexpectedly. Vulnerability Details CVEID:CVE-2025-13878 DESCRIPTION: Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affec...

7.5 CVSS, 6.1 AI score, 0.08219 EPSS
Exploits: 0, Affected Software: 2

NVD
added 4 hours ago, 3 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5 CVSS
Exploits: 0, References: 2

NVD
added 4 hours ago, 5 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8 CVSS
Exploits: 0, References: 2

RedhatCVE
added 4 hours ago, 5 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

6.5 CVSS, 5.9 AI score
Exploits: 0, References: 6

Cvelist
added 5 hours ago, 6 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5 CVSS
Exploits: 0, References: 2

ATTACKERKB
added 5 hours ago, 4 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5 CVSS, 6 AI score
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 5 hours ago, 4 views

EUVD-2026-41531

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5 CVSS, 6 AI score
Exploits: 0, References: 2

CVE
added 5 hours ago, 9 views

CVE-2026-10055

CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...

8.5 CVSS, 6 AI score
Exploits: 0, References: 2

Cvelist
added 5 hours ago, 6 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8 CVSS
Exploits: 0, References: 2