Lucene search
K

2685 matches found

GithubExploit
GithubExploit
added 2026/05/22 11:15 p.m.75 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 / Copy Fail Checker 🔒 Linux kernel vulnerabili...

7.8CVSS7.3AI score0.96267EPSS
Exploits228
Snyk
Snyk
added 2026/05/21 4:12 p.m.12 views

Malicious Package

Overview tailwindcss-theme-custom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fixed the bounds check for sx controls. For sx controls, the semantics of the max field are not the usual one; max represents the number of steps, rather than the maximum value. This means that our check in...

5.5CVSS6.2AI score0.00234EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevention of potential integer overflows If the tag length is greater than or equal to U32MAX – 3, the addition of “length + 4” can lead to an integer overflow. This issue can be addressed by breaking down the decoding...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:50 p.m.10 views

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

5.9AI score0.00017EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/18 5:55 p.m.5 views

GHSA-JGG6-4RPR-WFH7 Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp

Mistral npm @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised npm package versions being published. Current investigation...

5.8AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/14 11:3 a.m.84 views

poc-archive

poc-archive A structured archive of security research proof-o...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/13 7:28 p.m.43 views

CVE-2026-33376 Auth Proxy IPv6 whitelist bypass

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-43477

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally I was only able to reproduce a hang on an Dell X...

5.5CVSS0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.33 views

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

0.0014EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 7:46 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

5.3CVSS5.8AI score0.00333EPSS
Exploits1References2
Wiz blog
Wiz blog
added 2026/05/04 12:0 p.m.8 views

From Foundation to Force: Your Guide to Operationalizing Wiz at Scale

Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/04 9:49 a.m.11 views

CVE-2026-6537

A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the ZigBee protocol dissector by crafting a malicious packet. This could lead to a crash of the Wireshark application, resulting in a denial of service DoS for the user. Mitigation To mitigate this issue, users can...

6.5CVSS5.8AI score0.0018EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/04/30 3:36 p.m.84 views

Exploit for CVE-2026-31431

Copy-Fail-CVE-2026-31431 A proof-of-concept exploit reprodu...

7.8CVSS6.4AI score0.96267EPSS
Exploits228
GithubExploit
GithubExploit
added 2026/04/27 8:29 a.m.100 views

Sentinal-ai

Sentinal-ai Free, offline...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/22 9:29 p.m.93 views

Exploit for Improper Input Validation in Microsoft

Overview Python exploit for CVE-2026-32201 - improper input va...

6.5CVSS5.7AI score0.24172EPSS
Exploits1
NVD
NVD
added 2026/04/22 1:16 a.m.12 views

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS0.00418EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 5:30 p.m.7 views

CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:28 p.m.6 views

Incorrect Authorization

Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...

9.1CVSS5.5AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-34215

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions 7.5.0 through 7.15.1 Description A configuration-dependent authentication bypass exists when the software is deployed using skip auth routes or the legacy skip auth regex with patterns that can be widened by...

8.2CVSS5.8AI score0.00275EPSS
Exploits0References9
Rows per page
Query Builder