Lucene search
K

22209 matches found

Circl
Circl
added 11 hours ago7 views

CVE-2026-15628

creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...

6.5CVSS6.6AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-12275

creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...

7.1CVSS6.1AI score0.00132EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43238

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS0.00196EPSS
Exploits0References4
Circl
Circl
added 3 days ago8 views

CVE-2026-9017

creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5ir7roy2w 2026-07-11 07:47:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6cypq4a2t...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References2
Circl
Circl
added 4 days ago7 views

CVE-2026-53653

creationtimestamp| type| source ---|---|--- 2026-07-10 18:20:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqcra4ilol2c 2026-07-10 22:51:15+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdadyx4fk27 2026-07-10 23:35:17+00:00| seen|...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
OSV
OSV
added 4 days ago3 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
NVD
NVD
added 4 days ago6 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Circl
Circl
added 4 days ago7 views

CVE-2026-13347

creationtimestamp| type| source ---|---|--- 2026-07-10 11:16:00+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbzis5yut2y 2026-07-10 12:15:24+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-13347 2026-07-12 18:01:08+00:00| seen|...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
Circl
Circl
added 4 days ago6 views

CVE-2026-28564

creationtimestamp| type| source ---|---|--- 2026-07-10 10:58:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbyj7nlat2y 2026-07-10 12:15:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-28564 2026-07-10 13:10:06+00:00| seen|...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References6
Circl
Circl
added 4 days ago7 views

CVE-2026-15300

creationtimestamp| type| source ---|---|--- 2026-07-10 05:18:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbfirxvof2v 2026-07-10 06:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116894153133982870 2026-07-10 06:00:28+00:00| seen|...

9.1CVSS6.1AI score0.00349EPSS
Exploits0References5
CVE
CVE
added 5 days ago10 views

CVE-2026-9028

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS6AI score0.00288EPSS
Exploits0References8
Circl
Circl
added 5 days ago10 views

CVE-2026-14245

creationtimestamp| type| source ---|---|--- 2026-07-09 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889198686002131 2026-07-09 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7bhkabxp24 2026-07-09 22:30:57+00:00| seen|...

9.8CVSS5.9AI score0.00586EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
Circl
Circl
added 6 days ago8 views

CVE-2026-11903

creationtimestamp| type| source ---|---|--- 2026-07-08 17:37:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq5nvsx5n62g 2026-07-08 20:15:14+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678 2026-07-09 11:30:31+00:00| seen|...

8CVSS5.9AI score0.00232EPSS
Exploits0References3
Circl
Circl
added last week12 views

CVE-2026-13020

creationtimestamp| type| source ---|---|--- 2026-07-07 19:25:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3dhu46ku2f 2026-07-09 15:02:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq7vo4wlz32b...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder