Lucene search
K

2610 matches found

The Hacker News
The Hacker News
added 2026/05/21 7:35 a.m.19 views

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...

7.1CVSS6.1AI score0.0138EPSS
Exploits6
OSV
OSV
added 2026/05/21 2:6 a.m.8 views

MAL-2026-4414 Malicious code in @onerjs/smart-filters (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a4578e888bb6e53b7a5df17aa093931f6aff50773efd2634819294538217ab Package is published under the @onerjs scope but self-describes as 'Babylon.js Smart Filter core' with repository metadata pointing at...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 2:6 a.m.14 views

Malicious code in @onerjs/smart-filters (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a4578e888bb6e53b7a5df17aa093931f6aff50773efd2634819294538217ab Package is published under the @onerjs scope but self-describes as 'Babylon.js Smart Filter core' with repository metadata pointing at...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:15 a.m.11 views

Malicious code in @kruzer/lib-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1bb1f66615de2b0b161721218d2bff4bb0e7100b5cb28b764fcc2e6f1ee671f The published tarball's package.json contains a hardcoded npm registry auth token embedded in the build:publish script: npm publish --tag alpha...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/21 12:15 a.m.11 views

MAL-2026-4401 Malicious code in @kruzer/lib-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1bb1f66615de2b0b161721218d2bff4bb0e7100b5cb28b764fcc2e6f1ee671f The published tarball's package.json contains a hardcoded npm registry auth token embedded in the build:publish script: npm publish --tag alpha...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42675

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The OAuth token strategy attaches oauth scope and oauth granted resources to the request user, but the ACL Access Control List middleware fails to consult these values. Consequently, an OAuth toke...

2CVSS5.8AI score0.00151EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42605

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.25 views

PT-2026-42688

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...

6.9CVSS6.1AI score0.00364EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42634

Summary The OAuth token strategy attached oauth scope and oauth granted resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

2CVSS5.8AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/20 10:36 p.m.101 views

Exploit for CVE-2026-0265

CVE-2026-0265 Passive Detector v2 Defensive reconnaissanc...

9.2CVSS5.9AI score0.0044EPSS
Exploits3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:34 p.m.15 views

Malicious code in @ctrl/plex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e1aad15739a79a359d88099a004fa395b66df8845c10823824e848f095c568 The @ctrl/ npm scope was compromised in the Shai-Hulud supply-chain incident September 2025. Versions of @ctrl/plex published during and after the...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 3:8 p.m.12 views

Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score
Exploits0References1
OSV
OSV
added 2026/05/20 10:9 a.m.6 views

CLSA-2026-1779271781 vim: Fix of 6 CVEs

CVE-2022-4292: also check winvalidanytab in didsetspelllang after SpellFileMissing autocmd - CVE-2023-4751: resetVIsualandresel at start of exbufferall to prevent UAF on Visual mark - CVE-2023-0054: bail out of dostringsub when vimregsub returns sublen = 0 - CVE-2022-2206: clamp cmdlinerow/msgrow...

7.8CVSS6.7AI score0.01343EPSS
Exploits6References1
OSV
OSV
added 2026/05/20 3:22 a.m.13 views

MAL-2026-4449 Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 3:22 a.m.11 views

Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:47 a.m.14 views

Malicious code in @serviceshub/x-web-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cd81c2623e8f621801dcbfbf7d7eb8745bf702f1d5e85e410872400c7d2eea7 Package ships a trivial index.js module.exports = ; and exists solely to pull a direct-URL tarball dependency at install time. package.json line 9...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/05/20 2:9 a.m.6 views

MAL-2026-4389 Malicious code in @flipbit2-bb/test-auth-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ba26e89d1aca1f10772bf4cc8c9b23a436a39a8442fdf4ba9abf6c4c890e63 On npm install, a postinstall script phone-home.js collects os.hostname, os.userInfo.username, process.platform + os.release, a timestamp, and a...

5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 9:32 p.m.9 views

Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.00413EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/19 7:17 p.m.39 views

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

0.00413EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 7:17 p.m.15 views

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.8AI score0.00413EPSS
Exploits0References2
Rows per page
Query Builder