Lucene search
K

5 matches found

Qualys Blog
Qualys Blog
added 2026/03/12 9:32 p.m.10 views

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root

Executive Summary Qualys TRU has discovered confused deputy vulnerabilities in AppArmor named "CrackArmor" that allow unprivileged users to bypass kernel protections, escalate to root, and break container isolation. The flaw has existed since 2017, and affected over 12.6 million systems globally...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/03 5:46 p.m.8 views

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...

7.8CVSS7.5AI score0.63102EPSS
Exploits3
OSV
OSV
added 2023/05/15 10:15 a.m.1 views

CVE-2022-47937

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...

9.8CVSS5.7AI score0.02187EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/01/25 4:11 p.m.2 views

Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named...

6.7AI score
Exploits0
OSV
OSV
added 2019/07/03 7:15 p.m.5 views

CVE-2019-12847

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period...

7.2CVSS7.1AI score0.01115EPSS
Exploits0References1
Rows per page
Query Builder