Lucene search
K

5750 matches found

GithubExploit
GithubExploit
added 2026/06/12 7:47 p.m.157 views

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

8.6CVSS5.9AI score0.41694EPSS
Exploits3
Cvelist
Cvelist
added 2026/06/12 5:33 p.m.45 views

CVE-2026-44171 MariaDB: path traversal in mbstream

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...

6.3CVSS0.00135EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/12 5:33 p.m.12 views

CVE-2026-44171

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...

7.8CVSS5.3AI score0.00135EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47209

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS0.00287EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2026/06/12 1:43 p.m.13 views

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...

9.8CVSS6.9AI score0.9233EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.76 views

📄 HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/11 5:43 p.m.77 views

Systems-and-Cyber-Security-Coursework

CSI6SCS2526 — Systems and Cyber Security Coursework Gr...

9.8CVSS8.7AI score0.9923EPSS
Exploits58
Vulnrichment
Vulnrichment
added 2026/06/11 3:39 p.m.10 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.4AI score0.00552EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2026/06/11 1:0 p.m.31 views

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for ful...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 11:46 a.m.7 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...

7.8CVSS5.4AI score0.00117EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 11:39 a.m.15 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS5.5AI score0.00563EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/11 11:39 a.m.12 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...

7.8CVSS5.4AI score0.00117EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:15 a.m.12 views

Malicious code in @403name/electron-buidler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed72e6dbbdb78cd8fc99bfafc15900f16543690460ae2cfad826aeee20c05a4 On require, index.js executes an immediately-invoked function that platform-gates to macOS, skips CI environments, drops a one-shot marker file in...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:14 a.m.12 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:46 a.m.11 views

MAL-2026-5545 Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:46 a.m.10 views

Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/11 12:0 a.m.12 views

ALSA-2026:25217 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...

9.8CVSS5.5AI score0.00563EPSS
Exploits0References24
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Keras 路径遍历漏洞

Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48643

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.1 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description Improper input sanitization in the Analytics Dashboard allows an authenticated user with developer-role...

8.7CVSS5.6AI score0.00249EPSS
Exploits0References11
Rows per page
Query Builder