Lucene search
K

5873 matches found

CNNVD
CNNVD
added 2026/02/17 12:0 a.m.10 views

IBM Concert 代码问题漏洞

IBM Concert is a new tool developed by the American international business machine IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain code vulnerabilities that are susceptible to server-side request forgeing...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Atlassian Jira Service Management Data Center and Server 5.12.0 < 5.12.26 / 5.13.x < 10.3.16 (JSDSERVER-16499)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16499 advisory. - Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition'...

7.5CVSS8.3AI score0.01819EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/02/11 5:0 p.m.8 views

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/02/11 5:0 p.m.9 views

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...

5.7AI score
Exploits0
CNVD
CNVD
added 2026/02/11 12:0 a.m.2 views

IBM Concert Access Control Error Vulnerability (CNVD-2026-13787)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in IBM Concert that stems from a failure to disable a session after logging out, which could be exploited ...

6.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/10 2:33 p.m.2 views

Improper Authentication

Overview @capgo/capacitor-native-biometric is a This plugin gives access to the native biometric apis for android and iOS Affected versions of this package are vulnerable to Improper Authentication via the onAuthenticationSucceeded function. An attacker can gain unauthorized access by hooking and...

5.2CVSS5.6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/10 2:33 p.m.7 views

@authnlabs/authn (>=1.0.10 <=1.0.18), @s-ui/sui-tool-app (>=1.5.0 <=1.27.0) potentially affected by unknown CVE via @capgo/capacitor-native-biometric (>=5.1.1 <=6.0.4)

@capgo/capacitor-native-biometric NPM version =5.1.1, =1.0.10, =1.5.0, =1.27.0 Source cves: unknown CVE Source advisory: OSV:GHSA-VX5F-VMR6-32WF...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/10 2:33 p.m.16 views

cap-go/capacitor-native-biometric Authentication Bypass

There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...

5.8AI score
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2026/02/09 8:37 a.m.12 views

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...

10CVSS6.2AI score0.99621EPSS
Exploits429
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.13 views

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...

8.6CVSS6.7AI score0.01535EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)

The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...

9.8CVSS6.9AI score0.62378EPSS
Exploits5References2
CISA
CISA
added 2026/02/05 12:0 p.m.24 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...

9.8CVSS5.5AI score0.87693EPSS
In wildExploits5References7
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/05 12:0 a.m.10 views

React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...

9.8CVSS5.8AI score0.62378EPSS
In wildExploits5
hivepro
hivepro
added 2026/02/04 9:56 a.m.6 views

Rapid7 vs. Hive Pro: A Head-to-Head Comparison

See how Rapid7 and Hive Pro compare in features, setup, pricing, and threat intelligence to help you choose the right threat exposure management platform. Threat intelligence and Business context are the secret sauces that transform vulnerability management from a frantic game of whack-a-mole int...

6.2AI score
Exploits0
Saint
Saint
added 2026/02/04 12:0 a.m.91 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.1AI score0.62378EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/02/04 12:0 a.m.4 views

Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure

Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure PKI and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance...

5.5AI score
Exploits0
Saint
Saint
added 2026/02/04 12:0 a.m.149 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.2AI score0.62378EPSS
Exploits5
SUSE Linux
SUSE Linux
added 2026/02/03 6:9 p.m.8 views

Security update for glibc

This update for glibc fixes the following issues: Security fixes: CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in nssdnsgetnetbyaddrr bsc1256822...

8.5CVSS5.6AI score0.00564EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.26 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS5.8AI score0.00213EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.14 views

CVE-2026-24071

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses xpcconnectiongetpidarg2 as argument f...

7.8CVSS5.5AI score0.00146EPSS
Exploits1References1
Rows per page
Query Builder