Lucene search
K

725 matches found

Nuclei
Nuclei
added yesterday97 views

Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

7.5CVSS7AI score0.06485EPSS
Exploits1References1
Metasploit
Metasploit
added 4 days ago12 views

Dword XOR Encoder (Tag-based)

Dword XOR encoder for RISC-V 32-bit Little Endian using a tag-based terminator rather than an encoded length. The decoder loop XORs each dword and stops when the result is zero the sentinel. This avoids encoding the payload length in the stub, eliminating a source of bad character conflicts. Note...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34034

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:6 a.m.33 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:6 a.m.8 views

CVE-2026-34034

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/07 3:6 a.m.6 views

EUVD-2026-41987

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:6 a.m.13 views

CVE-2026-34034

CVE-2026-34034 affects Coolify prior to version 4.0.0-beta.466. The issue arises from insufficient validation of the sentinel_token setting in shell commands, enabling an authenticated user with access to server Sentinel settings to inject shell syntax and execute commands on the host when Sentin...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:6 a.m.3 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:53 p.m.3 views

Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...

9.8CVSS7.7AI score0.01735EPSS
Exploits5Affected Software1
EUVD
EUVD
added 2026/06/25 6:6 p.m.5 views

EUVD-2026-39523

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53170

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

8.8CVSS5.8AI score0.00137EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.30 views

CVE-2026-53170 accel/ethosu: reject DMA commands with uninitialized length

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

8.8CVSS0.00137EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53170

Concrete details confirm a vulnerability in the Linux kernel accel/ethosu driver: cmd_state_init() leaves dma->len at U64_MAX to signal uninitialized length, and dma_length() can wrap a positive stride to a small value, causing a bypass of region checks in ethosu_job.c when userspace omits the...

8.8CVSS5.9AI score0.00137EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Added a sentinel to the quirks table. The current driver lacks a sentinel in the struct socdeviceattribute array, which causes a buffer overflow error when the socdevicematchmt7621pciequirksmatch function is called...

5.5CVSS6AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48482

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 2.0.0 through 2.0.13 Description Private services configured with EnableShowInService: false are enumerable, leading to the leak of service names and timing data. While the main service-listing endpoint correctly...

5.3CVSS5.3AI score0.00253EPSS
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.14 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/09 5:25 p.m.25 views

MAL-2026-5431 Malicious code in @webd-infra/query-designer-domain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c7713f23c6a0044172532693bc43aee0d785a980fc5c83ba1f773af9082e3b3 The package's package.json declares its only dependency ltidisafe as a direct tarball URL:...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 7:53 a.m.10 views

Malicious code in @demica/shared (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/shared at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 7:52 a.m.11 views

Malicious code in @demica/resources (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/resources at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/06/09 7:50 a.m.10 views

MAL-2026-5349 Malicious code in @demica/core (npm)

Dep-confusion squat of internal @demica/core at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913; "authorized benign canary" framing does NOT downgrade, raw-IP...

5.4AI score
Exploits0References3
Rows per page
Query Builder