Lucene search
+L

1328 matches found

EUVD
EUVD
added 2026/07/09 12:31 a.m.10 views

EUVD-2026-42442

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 10:17 p.m.7 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 9:29 p.m.7 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 9:29 p.m.34 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 9:29 p.m.15 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/07/04 12:47 p.m.17 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos ,...

5.7AI score
Exploits0
OSV
OSV
added 2026/06/26 4:48 p.m.7 views

PYSEC-2026-236 Malicious code in pyphetools (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.9 views

EUVD-2025-210341

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS5.9AI score0.00266EPSS
Exploits1References3
NVD
NVD
added 2026/06/25 10:16 p.m.9 views

CVE-2025-71335

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS0.00266EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 9:41 p.m.23 views

CVE-2025-71335

Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...

8.6CVSS5.9AI score0.00266EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:45 p.m.7 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/25 3:45 p.m.3 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6.1AI score0.0015EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 9:17 p.m.11 views

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/20 3:24 p.m.11 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2026/06/12 2:3 p.m.14 views

Stolen iPhones could soon be worth a lot less to thieves

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with direct data sharing between Apple and law enforcement. In 2023, about 1.4 million mobile phon...

5.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/06/11 1:0 p.m.31 views

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for ful...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/05 7:1 a.m.21 views

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in github-archiver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d8f3a21af0a31a899de9e8eabd09e30c6e05e620ab3a7d7af420c34214898b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5215 Malicious code in autotel-backends (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5791740e97cb185ebd5c0e59c386020857b44a67a8c890c3826e19c60e11c3b4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5238 Malicious code in awaitly-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3015c3afc4f26f62482274726cb1ce34f803abd4b7e84a6eb7e0c802e8c8b7df The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References26
Rows per page
Query Builder