Lucene search
+L

7756 matches found

CVE
CVE
added 57 minutes ago4 views

CVE-2026-64015

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix missed RCU read section on lookup Nicholas Carlini reports that the keyring code calls assocarrayfind in findkeytoupdate without holding the RCU read lock, while the assocarraygc code really is designed around...

5.5AI score
Exploits0References6
The Hacker News
The Hacker News
added 2 days ago10 views

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil , which was observed using...

6.1AI score
Exploits0
Securelist
Securelist
added 3 days ago23 views

GoSerpent: a persistent threat evolves with sophisticated data collection and exfiltration

Introduction In February 2026, we discovered a set of malicious activities that had been ongoing since late 2025. These activities involved a RAT module written in Go with proxy capabilities, which served as the main stage of the attack. The attack targeted government and diplomatic entities in...

6.3AI score
Exploits0
CVE
CVE
added 3 days ago21 views

CVE-2026-23538

The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast >=0.1...

7.5CVSS6.1AI score0.00748EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44803

CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...

6.9CVSS6.1AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-55398

CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a non-persistent DoS on the server. CVSS v4 base score 6.9 (Medium) with network attack, low complexit...

6.9CVSS6.1AI score0.00209EPSS
Exploits0References1Affected Software1
NVD
NVD
added 4 days ago5 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44801

CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

8.7CVSS6.1AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44799

CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...

6.9CVSS6.1AI score0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-33443

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS6.1AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-44793

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.3CVSS6.1AI score0.00223EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 4 days ago3 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: hcievent: move wake reason storage into validated event handlers bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach...

9.3CVSS7.1AI score0.00385EPSS
Exploits17References112
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago13 views

Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-47737

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive...

7.5CVSS0.00177EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-47737 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive...

7.5CVSS0.00177EPSS
Exploits0References7
OSV
OSV
added 5 days ago8 views

CVE-2026-47737 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References9
CVE
CVE
added 5 days ago41 views

CVE-2026-47737

CVE-2026-47737 affects the Puma Ruby/Rack web server. From 5.5.0 up to 7.2.1 and 8.0.2, it is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. Puma re-parses PROXY protocol headers after each keep-alive on the same connec...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago11 views

Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS0.00253EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago11 views

Malicious code in @flcik/flick.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...

6.1AI score
Exploits0References10
Rows per page
Query Builder