Lucene search
K

19539 matches found

Microsoft Secure
Microsoft Secure
added 2026/04/07 2:0 p.m.4 views

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

In this article 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity 2. Mitigation and protection guidance 3. Microsoft Defender detection and hunting guidance Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:2 a.m.3 views

Security Bulletin: SQL Injection Vulnerability in Apache Hive Metastore Server Thrift APIs, affects watsonx.data

Summary Apache Hive versions 4.1.0 before 4.2.0 are vulnerable to SQL injection in Hive Metastore Server when handling delete column statistics via Thrift APIs. Exploitation is limited to authorized users with API access. Upgrading to 4.2.0 or disabling direct SQL metastore.try.direct.sql=false...

5.4CVSS5.9AI score0.00343EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 4:7 a.m.2 views

CVE-2026-34972

A flaw was found in OpenFGA, a high-performance authorization engine. Under specific conditions, a user making BatchCheck calls with multiple checks for the same object, relation, and user combination can trigger improper policy enforcement. This can lead to incorrect authorization decisions,...

8.8CVSS5.8AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/07 12:30 a.m.20 views

EUVD-2026-19549

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.8CVSS5.9AI score0.00841EPSS
Exploits1References4
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-5709

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...

8.8CVSS0.01087EPSS
Exploits1References3
NVD
NVD
added 2026/04/06 10:16 p.m.3 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

8.8CVSS0.00994EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:32 p.m.3 views

CVE-2026-5709

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...

8.8CVSS6.2AI score0.01087EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:28 p.m.2 views

CVE-2026-5708

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.8CVSS5.9AI score0.00841EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/06 9:25 p.m.10 views

CVE-2026-5707

Technical details (vulnerable component, root cause, affected versions, exploitation) are not publicly provided in the supplied documents. Monitor for updates.

8.8CVSS6.2AI score0.00994EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:25 p.m.19 views

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

8.8CVSS0.00994EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/06 8:33 p.m.6 views

CVE-2026-34753

A flaw was found in vLLM. This server-side request forgery SSRF vulnerability allows an attacker who can control batch input JSON to force the vLLM batch runner to make arbitrary HTTP/HTTPS requests from the server. This can be exploited to access internal services, such as cloud metadata endpoin...

5.4CVSS7.2AI score0.00246EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/06 7:47 p.m.5 views

CVE-2026-34982

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6.2AI score0.0047EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/06 6:37 p.m.6 views

CVE-2026-35549

A flaw was found in MariaDB Server. When the cachingsha2password authentication plugin is installed and used by some user accounts, a low-privileged authenticated user can send a specially crafted large packet. This can cause the server to crash due to an issue with the sha256cryptr function's us...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:42 p.m.4 views

CVE-2026-34379

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. A remote attacker could exploit this vulnerability by providing a specially crafted DWA or DWAB-compressed EXR file containing a FLOAT-type channel. When the file is decoded, a misaligned memory write...

7.1CVSS5.8AI score0.00283EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:33 p.m.4 views

CVE-2026-34764

A flaw was found in Electron, a framework for building desktop applications. This vulnerability, a use-after-free, affects applications that utilize offscreen rendering with GPU shared textures. Under specific conditions, a callback function can attempt to access memory that has already been...

5.5CVSS5.8AI score0.001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:2 p.m.4 views

CVE-2026-34767

A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as HTTP response header injection, occurs when an application reflects attacker-controlled input into a response header. A remote attacker could exploit this to inject...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 4:47 p.m.2 views

CVE-2026-34776

A flaw was found in Electron, a framework for building desktop applications. On macOS and Linux, a local user could exploit an out-of-bounds heap read vulnerability by sending a specially crafted message to an Electron application that uses the app.requestSingleInstanceLock function. Apps that do...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 4:22 p.m.3 views

CVE-2026-34775

A flaw was found in Electron, a framework for building desktop applications. In specific scenarios where applications enable Node.js integration, a misconfiguration could allow workers, which are background scripts, to gain Node.js capabilities even when explicitly disabled. This could enable a...

9.8CVSS6.2AI score0.00289EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/06 3:46 p.m.28 views

CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...

2.3CVSS0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 3:24 p.m.4 views

CVE-2026-34760

A flaw was found in Librosa, a software library used by artificial intelligence AI models like vLLM for processing audio. The library's method for converting stereo audio to mono differs from international standards, causing AI models to interpret audio differently than humans. This inconsistency...

5.9CVSS5.8AI score0.00267EPSS
Exploits0References7
Rows per page
Query Builder