Lucene search
K

4387 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/19 12:59 a.m.7 views

Malicious code in ofjaaah-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c8da6b0f3c7cb67171e251f86fdcd13d4809a9e46e59259c7fca02d1e463cab The package ofjaaah-internal-utils was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000613 advisory. The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive...

6.5CVSS7AI score0.00531EPSS
Exploits0References23
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Validation of PBMAC1 parameters in PKCS12 files is missing. This can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereferencing during MAC verification. Impact Summary: The stack buffer overflow or NULL pointer dereferencing may cause a crash, leading to a...

6.1CVSS7.1AI score0.00515EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2026/01/13 12:0 a.m.8 views

Mozilla -- multiple vulnerabilities

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...

10CVSS7.4AI score0.00537EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/09 5:43 p.m.19 views

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and...

9.3CVSS8.7AI score0.01676EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.8 views

CVE-2023-31289

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:24 p.m.8 views

CVE-2018-14867

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...

5.3CVSS7.1AI score0.01399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.6 views

CVE-2019-11867

Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0...

5.5CVSS7AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.10 views

CVE-2020-10905

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

4.3CVSS5.9AI score0.03405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.8 views

CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

7.1CVSS7AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.9 views

CVE-2022-27834

Use after free vulnerability in dspcontextunloadgraph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...

7CVSS7.1AI score0.00092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.13 views

CVE-2022-27658

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks...

7.5CVSS6.7AI score0.00853EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000238 advisory. A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong...

8CVSS6.8AI score0.01455EPSS
Exploits0References4
NVD
NVD
added 2026/01/05 11:17 a.m.3 views

CVE-2025-68547

Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through = 2.4.0...

7.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/01/02 9:15 p.m.9 views

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1CVSS0.00274EPSS
Exploits1References2
OSV
OSV
added 2025/12/31 4:15 p.m.4 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS5.5AI score0.00345EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.4 views

PT-2025-54348

Name of the Vulnerable Software and Affected Versions Realbig versions through 1.1.3 Description An authorization issue exists in Realbig due to incorrectly configured access control security levels. This allows for potential exploitation of the system. Recommendations Update Realbig to a version...

5.3CVSS6.5AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 4:12 p.m.4 views

MAL-2025-192974 Malicious code in rt-interactive-card-collection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9858817ec5f5e5af9db5f5033c3626e4214faa07e1169e950573bbca309a975e The package rt-interactive-card-collection was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
Snyk
Snyk
added 2025/12/22 4:55 a.m.4 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgvalidatepipelinedesc function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation A fix was pushed into the...

5.3CVSS7.9AI score0.00127EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/19 1:16 p.m.6 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS5.9AI score0.00118EPSS
Exploits0References5
Rows per page
Query Builder