2685 matches found

ATTACKERKB
added 2026/02/25 10:8 p.m., 4 views

CVE-2026-27494

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...

9.9 CVSS, 5.8 AI score, 0.00352 EPSS
Exploits 0, References 5, Affected Software 1

Packet Storm News
added 2026/02/20 12:0 a.m., 6 views

Increase in Malware Enabled ATM Jackpotting Incidents across United States

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a...

5.5 AI score
Exploits 0

Veeam
added 2026/02/19 12:0 a.m., 30 views

Veeam Backup & Replication Platform Migration Guide (Windows to Linux)

Article Applicability: This article is related to a new capability to migrate the configuration of a Windows-based Veeam Backup & Replication deployment to a Veeam Software Appliance. Due to the variability in how Veeam Backup & Replication can be used, configured, and deployed, and the complexity...

5.6 AI score
Exploits 0, Affected Software 1

Snyk
added 2026/02/17 4:43 p.m., 4 views

Authorization Bypass Through User-Controlled Key

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...

7.1 CVSS, 6 AI score, 0.00284 EPSS
Exploits 0, References 2

Schneier on Security
added 2026/02/16 12:4 p.m., 9 views

The Promptware Kill Chain

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on "prompt injection," a set of techniques to embed instructions int...

6.4 AI score
Exploits 0

Github Security Blog
added 2026/02/04 8:33 p.m., 6 views

n8n's domain allowlist bypass enables credential exfiltration

Impact: A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain...

6.5 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits 0, References 3, Affected Software 1

HackRead
added 2026/01/29 6:28 p.m., 6 views

Common Cloud Migration Security Mistakes (and How to Avoid Them)

Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk...

5.9 AI score
Exploits 0

Packet Storm News
added 2026/01/28 12:0 a.m., 1 views

What Are Brands Telling You about Smishing? A Cross-Industry Evaluation of Customer Guidance

Phishing attacks through text, also known as smishing, are a prevalent type of social engineering tactic in which attackers impersonate brands to deceive victims into providing personal information and/or money. While smishing awareness and cyber education are a key method by which organizations...

5.9 AI score
Exploits 0

The Hacker News
added 2026/01/22 11:30 a.m., 10 views

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...

5.9 AI score
Exploits 0

Snyk
added 2026/01/20 1:1 a.m., 6 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...

9.8 CVSS, 6 AI score, 0.00609 EPSS
Exploits 1, References 3

RedhatCVE
added 2026/01/16 6:4 a.m., 7 views

CVE-2026-22036

A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in...

7.5 CVSS, 5.2 AI score, 0.00433 EPSS
Exploits 0, References 5

GithubExploit
added 2026/01/15 5:23 p.m., 329 views

Exploit for CVE-2026-23550

CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...

10 CVSS, 7 AI score, 0.20631 EPSS
Exploits 7

Snyk
added 2026/01/13 7:54 p.m., 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

9.9 CVSS, 7.6 AI score, 0.00681 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/01/09 10:47 a.m., 8 views

CVE-2022-31025

Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the must_approve_users check and invites by staff are always approved...

5.3 CVSS, 6.7 AI score, 0.00891 EPSS
Exploits 0, References 1

EUVD
added 2026/01/08 4:24 p.m., 4 views

EUVD-2026-1483

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9...

5.4 CVSS, 6.1 AI score, 0.00173 EPSS
Exploits 0, References 2

Packet Storm News
added 2026/01/06 12:0 a.m., 4 views

Quantum Key Distribution without Authentication and Information Leakage

Quantum key distribution (QKD) is the most widely studied quantum cryptographic model that exploits quantum effects to achieve information-theoretically secure key establishment. Conventional QKD contains public classical post-processing steps that require authentication to prevent impersonation an...

6.8 AI score
Exploits 0

EUVD
added 2026/01/05 7:52 a.m., 6 views

EUVD-2026-0820

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8 CVSS, 5.8 AI score, 0.00327 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/01/01 10:45 a.m., 6 views

CVE-2025-15276

A flaw was found in FontForge. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted SFD file. This issue arises from improper validation of user-supplied data during SFD file parsing, leading to deserialization of untrusted data. Successful exploitatio...

7.8 CVSS, 7.5 AI score, 0.00329 EPSS
Exploits 1, References 4

NVD
added 2025/12/30 8:16 p.m., 10 views

CVE-2025-69257

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when...

6.7 CVSS, 0.0012 EPSS
Exploits 0, References 2

GithubExploit
added 2025/12/30 3:14 p.m., 202 views

Exploit for CVE-2025-14847

CVE-2025-14847-MongoBleed - Scanner+Detection+Exploit+Remediat...

8.7 CVSS, 7.2 AI score, 0.83007 EPSS
Exploits 39