126627 matches found

Hacker One
added 2026/04/01 3:36 p.m. | 14 views

curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection

Summary: An attacker sharing a libcurl multi-handle connection pool can hijack another user's Negotiate/Kerberos-authenticated connection. When User A authenticates via Negotiate SPNEGO and the connection returns to the pool, User B using CURLAUTH_ANY with different credentials gets that connectio...

CVSS 6.5 | AI score 5.7 | EPSS 0.00414
Exploits: 1

IBM Security Bulletins
added 2026/04/01 3:31 p.m. | 11 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary: IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2025-47907. DESCRIPTION: Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned...

CVSS 7.5 | AI score 7.2 | EPSS 0.00563
Exploits: 1 | Affected Software: 1

F5 Networks
added 2026/04/01 2:17 p.m. | 8 views

K000160575: ingress-nginx vulnerability CVE-2026-24512

Security Advisory Description: A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessib...

CVSS 8.8 | AI score 6.6 | EPSS 0.00501
Exploits: 1

Malwarebytes
added 2026/04/01 1:0 p.m. | 10 views

Why we’re still not doing April Fools’ Day

People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture, but people's day-to-day scam experience is easier to recognize: Our research found that 44% of people say they encounter mobile scams every single...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/04/01 11:46 a.m. | 5 views

Malicious code in kube-node-health (PyPI)

Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

AI score 6
Exploits: 0 | References: 7

OSV
added 2026/04/01 11:46 a.m. | 3 views

MAL-2026-2400 Malicious code in kube-node-health (PyPI)

Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

AI score 6
Exploits: 0 | References: 7

GithubExploit
added 2026/04/01 11:3 a.m. | 251 views

Exploit for CVE-2025-48757

Vibe Coding Security Scanner A security audit skill for AI-as...

CVSS 9.3 | AI score 7.5 | EPSS 0.00709
Exploits: 3

IBM Security Bulletins
added 2026/04/01 10:35 a.m. | 3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug

Summary: Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2025-66221 affects Werkzeug's handling of Windows device names, which could lead to improper resource handling and potential availability impact on Windows systems. This vulnerability relates to t...

CVSS 6.3 | AI score 6.9 | EPSS 0.00474
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:31 a.m. | 5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3

Summary: The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling, which could lead to resource exhaustion...

CVSS 8.9 | AI score 6.9 | EPSS 0.00622
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:28 a.m. | 2 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug

Summary: Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2026-21860 affects Werkzeug's handling of Windows device names, which could lead to improper resource handling and potential availability impact on Windows systems. This vulnerability relates to t...

CVSS 6.3 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:11 a.m. | 7 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3

Summary: The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling. CVE-2025-66471 and CVE-2026-21441 both rela...

CVSS 8.9 | AI score 6.9 | EPSS 0.02667
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:8 a.m. | 2 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Werkzeug

Summary: Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. Multiple vulnerabilities affect Werkzeug. CVE-2024-49767 involves a resource exhaustion vulnerability in the multipart/form-data parser where a specifically crafted form submission can cause the parse...

CVSS 7.5 | AI score 7.2 | EPSS 0.01093
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:3 a.m. | 4 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by arbitrary code execution due to Jinja2

Summary: Jinja2 is used by IBM Cloud Pak for Data System 1.0 as a template engine for generating dynamic content. CVE-2025-27516 affects Jinja2's sandboxed environment where an oversight in how the |attr filter interacts with the sandbox allows an attacker who controls template content to execute...

CVSS 8.8 | AI score 6.2 | EPSS 0.00465
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 10:0 a.m. | 5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by open redirect vulnerabilities due to urllib3

Summary: The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple open redirect vulnerabilities affect urllib3. CVE-2025-50182 relates to urllib3 not controlling redirects when used in Pyodide runtime with JavaScript...

CVSS 6.1 | AI score 6.9 | EPSS 0.004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 9:58 a.m. | 6 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by credential disclosure due to Python Requests library

Summary: The Python Requests library is used by IBM Cloud Pak for Data System 1.0 to handle HTTP communications. CVE-2024-47081 affects Requests due to a URL parsing issue that may leak .netrc credentials to third parties when processing maliciously-crafted URLs. This vulnerability could result in...

CVSS 5.3 | AI score 7 | EPSS 0.00846
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 9:55 a.m. | 5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Flask-Cors

Summary: Flask-Cors is used by IBM Cloud Pak for Data System to handle Cross-Origin Resource Sharing (CORS) for web applications. Multiple vulnerabilities affect Flask-Cors path matching functionality. CVE-2024-6866 involves case-insensitive path matching that can allow unauthorized origins to acces...

CVSS 7.5 | AI score 5.8 | EPSS 0.00652
Exploits: 3 | Affected Software: 1

OSSF Malicious Packages
added 2026/04/01 9:47 a.m. | 10 views

Malicious code in kube-health-tools (PyPI)

Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

AI score 6
Exploits: 0 | References: 7

OSV
added 2026/04/01 9:47 a.m. | 10 views

MAL-2026-2327 Malicious code in kube-health-tools (PyPI)

Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

AI score 6
Exploits: 0 | References: 7

IBM Security Bulletins
added 2026/04/01 9:46 a.m. | 5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package

Summary: The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...

CVSS 5.5 | AI score 6.7 | EPSS 0.03174
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/01 9:38 a.m. | 2 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper validation due to Eclipse Jetty.

Summary: Eclipse Jetty is used by IBM Cloud Pak for Data System (CPDS) as part of its web server infrastructure. CVE-2024-6763 affects Eclipse Jetty's HttpURI class, which performs insufficient validation on the authority segment of a URI. This could potentially lead to open redirect attacks or...

CVSS 5.3 | AI score 7.1 | EPSS 0.00986
Exploits: 1 | Affected Software: 1