
1056 matches found

The Hacker News
added 2 days ago | 6 views

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...

7.8 CVSS | 7.7 AI score | 0.63102 EPSS
Exploits: 3
The Hacker News
added 2026/06/19 2:0 p.m. | 19 views

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of...

6 AI score
Exploits: 0
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel 6.0.8, there is a use-after-free in the run_unpack function in fs/ntfs3/run.c, which is related to a difference between the NTFS sector size and the media sector size...

7.8 CVSS | 6.6 AI score | 0.00386 EPSS
Exploits: 1 | References: 2
NVD
added 2026/06/17 10:54 a.m. | 8 views

CVE-2026-46976

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...

7.2 CVSS | 0.00339 EPSS
Exploits: 0 | References: 1
NVD
added 2026/06/17 10:54 a.m. | 11 views

CVE-2026-46967

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

8.8 CVSS | 0.00402 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2026/06/16 5:41 p.m. | 14 views

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...

6.5 AI score
Exploits: 0
Positive Technologies
added 2026/06/16 12:0 a.m. | 14 views

PT-2026-50066

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

8.8 CVSS | 5.3 AI score | 0.00402 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-50073

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...

7.2 CVSS | 5.2 AI score | 0.00339 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2026/06/15 7:32 p.m. | 17 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9 AI score
Exploits: 0
RedhatCVE
added 2026/06/05 7:15 p.m. | 10 views

CVE-2026-46823

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...

7.7 CVSS | 5.5 AI score | 0.00211 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2026/06/05 3:14 a.m. | 11 views

SUSE CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

6.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 1 | References: 3
NVD
added 2026/06/03 8:16 p.m. | 12 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

6.5 CVSS | 0.00228 EPSS
Exploits: 1 | References: 1
OSV
added 2026/06/03 8:16 p.m. | 9 views

UBUNTU-CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

6.5 CVSS | 5.4 AI score | 0.00228 EPSS
Exploits: 1 | References: 3
Debian CVE
added 2026/06/03 12:0 a.m. | 7 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

6.5 CVSS | 5.4 AI score | 0.00228 EPSS
Exploits: 1
CVE
added 2026/06/03 12:0 a.m. | 23 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

6.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/06/03 12:0 a.m. | 16 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

5.8 AI score | 0.00228 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/06/03 12:0 a.m. | 33 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

0.00228 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/06/03 12:0 a.m. | 9 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

5.8 AI score | 0.00228 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/06/03 12:0 a.m. | 16 views

PT-2026-46057

Name of the Vulnerable Software and Affected Versions: libxls versions prior to 1.6.4. Description: The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table (MSAT) in the read MSAT function is not fully initialized before being used by the ole2 validate...

6.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 1 | References: 3
The Hacker News
added 2026/06/01 11:54 a.m. | 35 views

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...

6.1 AI score
Exploits: 0