Lucene search
K

2325 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 1:49 p.m.13 views

Malicious code in pwn-control (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 719b4c85917a0a8bc84e7591598b0d17098dd32c8f29b5c09eb25fe1d3e079c3 During installation, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 12:30 p.m.11 views

Malicious code in system-update-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/03 12:30 p.m.9 views

MAL-2026-3245 Malicious code in system-update-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

6AI score
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: ngtcp2

Issue Overview: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently...

7.5CVSS5.8AI score0.00776EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.6 views

Low: nodejs20

Issue Overview: A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service DoS for the...

5.5CVSS5.3AI score0.00204EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Low: librsvg2

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.2AI score0.00291EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.52 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing...

7.5CVSS5.2AI score0.00357EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.11 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing...

7.5CVSS5.2AI score0.00357EPSS
Exploits1
Snyk
Snyk
added 2026/04/25 4:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url argument in the /index.php/admin/system/update/download process. An attacker can access internal...

5.8CVSS5.8AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/25 3:15 p.m.7 views

EUVD-2026-25659

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS4.9AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 6:22 p.m.50 views

CVE-2026-28950

CVE-2026-28950 describes a logging issue in Apple’s Notification Services where copies of notifications marked for deletion could be retained in the device’s storage. The vulnerability is addressed by patches in iOS 18.7.8 and iPadOS 18.7.8, and iOS 26.4.2 and iPadOS 26.4.2. Affected products inc...

6.2CVSS6AI score0.0288EPSS
Exploits0References10Affected Software2
Fedora
Fedora
added 2026/04/22 11:42 a.m.8 views

[SECURITY] Fedora 42 Update: cups-2.4.17-1.fc42

CUPS printing system provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...

7.8CVSS5.5AI score0.00502EPSS
Exploits7
OSV
OSV
added 2026/04/17 1:0 p.m.6 views

OESA-2026-1932 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

7.8CVSS6.6AI score0.00502EPSS
Exploits7References8
Ubuntu
Ubuntu
added 2026/04/17 8:30 a.m.9 views

USN-8177-2: Linux kernel (Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

7.8CVSS5.8AI score0.00191EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.10 views

Important: python3.13

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: freerdp

Issue Overview: DoS via WINPRASSERT in rtsreadauthverifiernochecks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33952 DoS via WINPRASSERT in IMA ADPCM audio decoder dsp.c:331 NOTE:...

8.1CVSS5.8AI score0.00426EPSS
Exploits2
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: python3.12

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: dovecot

Issue Overview: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm ht...

7.5CVSS5.9AI score0.0079EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:1098-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1098-1 advisory. This update for cosign rebuilds it against the current go 1.25 security release. Tenable has extracted th...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.9 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

4.6CVSS5.8AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder