
2625 matches found

EUVD
added yesterday, 10 views

EUVD-2026-36095

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance...

7.7 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits: 0, References: 5
Wired Threat Level
added 2026/06/11 12:0 p.m., 32 views

Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance...

5.5 AI score
Exploits: 0
Schneier on Security
added 2026/06/11 11:1 a.m., 11 views

Enhanced License Plate Tracking

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...

5.5 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/06/11 6:49 a.m., 9 views

Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

5.6 AI score
Exploits: 0, References: 2
OSV
added 2026/06/11 6:49 a.m., 68 views

MAL-2026-5617 Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/11 3:5 a.m., 10 views

Malicious code in sensivity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef8c17866ac1aee489e207f2a4cdb2eefbd17336edd0398b34c40ee5c69a8ef5 On require/import package main is launcher.js with no install hook, the package performs the following without consent: 1 Persistence — runs PowerShe...

5.6 AI score
Exploits: 0, References: 71
OSV
added 2026/06/11 3:5 a.m., 11 views

MAL-2026-5558 Malicious code in sensivity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef8c17866ac1aee489e207f2a4cdb2eefbd17336edd0398b34c40ee5c69a8ef5 On require/import package main is launcher.js with no install hook, the package performs the following without consent: 1 Persistence — runs PowerShe...

5.6 AI score
Exploits: 0, References: 71
Wired Threat Level
added 2026/06/10 8:28 p.m., 12 views

Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick

US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools...

5.5 AI score
Exploits: 0
Cvelist
added 2026/06/10 5:22 p.m., 24 views

CVE-2026-49822 Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent...

7.7 CVSS, 0.00231 EPSS
Exploits: 0, References: 3
CVE
added 2026/06/10 5:22 p.m., 16 views

CVE-2026-49822

CVE-2026-49822 affects the Fission framework (Kubernetes-native serverless) prior to version 1.24.0. A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace could establish a persistent surveillance channel into other namespaces, enabling cross-namespace e...

7.7 CVSS, 5.4 AI score, 0.00231 EPSS
Exploits: 0, References: 3
Wired Threat Level
added 2026/06/10 10:0 a.m., 22 views

Mapping Every Flock License Plate Reader Near US World Cup Stadiums

Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you...

5.5 AI score
Exploits: 0
Wired Threat Level
added 2026/06/10 10:0 a.m., 22 views

Soccer Fans, You’re Being Watched

From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know...

5.5 AI score
Exploits: 0
Positive Technologies
added 2026/06/10 12:0 a.m., 10 views

PT-2026-48504

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. A flaw exists where a low-privilege developer with permissions to creat...

7.7 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits: 0, References: 9
Malwarebytes
added 2026/06/09 1:57 p.m., 10 views

Meta’s face-recognition code raises new concerns about smart glasses

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...

5.6 AI score
Exploits: 0
RedhatCVE
added 2026/06/05 6:49 p.m., 10 views

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7 CVSS, 5.5 AI score, 0.00249 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 6:49 p.m., 9 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7 CVSS, 5.5 AI score, 0.00325 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 6:49 p.m., 8 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7 CVSS, 5.5 AI score, 0.00249 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 6:49 p.m., 8 views

CVE-2024-47268

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9 CVSS, 5.5 AI score, 0.0034 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 6:49 p.m., 9 views

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9 CVSS, 5.5 AI score, 0.0034 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 6:49 p.m., 8 views

CVE-2024-47269

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9 CVSS, 5.5 AI score, 0.0023 EPSS
Exploits: 0, References: 1