Lucene search
K

303 matches found

EUVD
EUVD
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25038

cut: -s ignored in -z -d '' newline-delimiter mode...

3.3CVSS5.9AI score0.00182EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55447

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.3 Description A stored Cross-Site Scripting XSS issue exists where the inline query parameter on the browsable-share file download and authenticated user file download endpoints suppresses the Content-Disposition:...

3.7CVSS5.9AI score0.00028EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:21 a.m.6 views

Malicious code in subsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...

6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.4 views

CVE-2026-11819

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:20 a.m.12 views

Malicious code in new-ecro-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c4e172aa83f2b8742fb014ea649490c87815573cab692ea74eb402ee23f935c Package new-ecro-1 impersonates the legitimate big.js library by shipping its source verbatim banner, license, and homepage pointing at MikeMcl/big.j...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/19 5:20 a.m.13 views

MAL-2026-6198 Malicious code in new-ecro-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c4e172aa83f2b8742fb014ea649490c87815573cab692ea74eb402ee23f935c Package new-ecro-1 impersonates the legitimate big.js library by shipping its source verbatim banner, license, and homepage pointing at MikeMcl/big.j...

5.8AI score
Exploits0References4
EUVD
EUVD
added 2026/06/12 11:53 a.m.11 views

EUVD-2026-36415

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS5.2AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.26 views

PT-2026-48861

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS5.3AI score0.00251EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from reminder messages that did not suppress mentions sent to @everyone or @here, potentially...

8.8CVSS5.3AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.11 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48553

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate post dismiss notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate post show notice site option,...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 5:44 a.m.8 views

MAL-2026-4673 Malicious code in sparkecoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e17b053b29d371301e49a703b1b6d2fba5631df4bf7b6926503a6b8bb82257 package.json declares a postinstall hook: "npm install -g agent-browser 2/dev/null || true; agent-browser install 2/dev/null || true". On npm install...

6AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “fou”: removed the warning in guegroreceive for unsupported protocols. The warning for guegroreceive is removed if the encapsulated type is unknown or does not have a GRO handler. Such packets can be easily constructed. The Syzbo...

7.8CVSS6.3AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:8 p.m.7 views

CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

5.8AI score0.00112EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.9 views

Strategic Commitments Shape Collective Cybersecurity under AI Inequality

The growing integration of AI into cybersecurity is reshaping the balance between attackers and defenders. When access to advanced AI-enabled defence tools is uneven, resource-limited defenders may be unable to adopt effective protection, creating persistent system vulnerabilities. We study the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.9 views

When the Ruler Is Broken: Parsing-Induced Suppression in LLM-Based Security Log Evaluation

LLM-based SOC log classifiers are commonly evaluated using regular-expression pipelines that extract structured fields from free-form model output. We demonstrate that this practice introduces a class of silent, systematic evaluation errors, which we term parsing-induced suppression that can caus...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.30 views

CVE-2026-43138 reset: gpio: suppress bind attributes in sysfs

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppre...

0.00134EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.10 views

SUSE CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References3
OSV
OSV
added 2026/04/27 11:24 p.m.2 views

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

2.3CVSS6AI score0.00274EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/27 11:24 p.m.6 views

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

4.3CVSS5.8AI score0.00274EPSS
Exploits0References4
Rows per page
Query Builder