Lucene search
+L

728536 matches found

The Hacker News
The Hacker News
added 10 hours ago16 views

UAC-0145 Uses ClickFix CAPTCHAs to Infect Ukrainian Devices wih Malware

Russian state-sponsored threat actors have been observed leveraging the infamous ClickFix strategy to trick Ukrainian targets into infecting their own machines with data-stealing malware. According to the Computer Emergency Response Team of Ukraine CERT-UA, the activity has been attributed to...

6AI score
Exploits0
The Hacker News
The Hacker News
added 10 hours ago7 views

SonicWall SMA Zero-Days Exploited Before Disclosure to Gain Root Access

A previously undocumented threat actor has been attributed to the exploitation of recently disclosed SonicWall Secure Mobile Access SMA 1000 series VPN appliances as zero-days prior their public disclosure since June 22, 2026. Cybersecurity company Volexity is tracking the activity under the...

10CVSS9.5AI score0.01486EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 11 hours ago22 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 11 hours ago22 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
GithubExploit
GithubExploit
added 14 hours ago24 views

waf-log-detector

WAF Log Detector A defensive analyzer for HTTP access logs. I...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 14 hours ago28 views

Exploit for CVE-2026-60137

wp2shell-scanner by @bahartanirhttps://github.com/baha...

9.8CVSS6.4AI score0.08946EPSS
Exploits38
GithubExploit
GithubExploit
added 15 hours ago34 views

SecureProxy

SecureProxy Description: SecureProxy is a self-hosted W...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 17 hours ago35 views

Exploit for CVE-2026-60137

wp2shell — WordPress Core Pre-Auth RCE CVE-2026-63030 Ba...

9.8CVSS7.1AI score0.08946EPSS
Exploits38
GithubExploit
GithubExploit
added 17 hours ago35 views

Ruoyi-Scan

Ruoyi-Scan — RuoYi-specific vulnerability scanning tool 2...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 17 hours ago36 views

Exploit for CVE-2026-63030

wp2shell Pre-Authentication Remote Code Execution in WordPres...

9.8CVSS6.7AI score0.08946EPSS
Exploits38
Nuclei
Nuclei
added 19 hours ago14 views

Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal

Windmill 1.603.3 contains a path traversal caused by unsanitized filename parameter in getlogfile endpoint, letting unauthenticated attackers read arbitrary files on the server, exploit requires no authentication. id: CVE-2026-29059 info: name: Windmill/Nextcloud Flow 1.603.3 - Unauthenticated Pa...

7.5CVSS7.7AI score0.02584EPSS
Exploits0References3
OSV
OSV
added 19 hours ago3 views

OESA-2026-3052 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.6CVSS5.6AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 19 hours ago3 views

OESA-2026-3051 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.6CVSS5.6AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 19 hours ago3 views

OESA-2026-3050 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.6CVSS5.6AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 19 hours ago3 views

OESA-2026-3049 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.6CVSS5.6AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 19 hours ago3 views

OESA-2026-3048 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.6CVSS5.6AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 19 hours ago3 views

OESA-2026-3045 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

9.8CVSS5.3AI score0.00202EPSS
Exploits1References2
OSV
OSV
added 19 hours ago3 views

OESA-2026-3012 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: An out-of-bounds read and a one-byte out-of-bounds write exist in the state-cookie parser of modauthopenidc. oidcstatecookiesparsetoken src/state.c scans a...

5.7AI score
Exploits0References2
OSV
OSV
added 19 hours ago3 views

OESA-2026-3011 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: An out-of-bounds read and a one-byte out-of-bounds write exist in the state-cookie parser of modauthopenidc. oidcstatecookiesparsetoken src/state.c scans a...

5.7AI score
Exploits0References2
OSV
OSV
added 19 hours ago3 views

OESA-2026-3010 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: An out-of-bounds read and a one-byte out-of-bounds write exist in the state-cookie parser of modauthopenidc. oidcstatecookiesparsetoken src/state.c scans a...

5.7AI score
Exploits0References2
Rows per page
Query Builder