Lucene search
+L

285 matches found

Virtuozzo
Virtuozzo
added 2026/07/09 12:0 a.m.9 views

Virtuozzo Infrastructure 7.4 (7.4.0-66)

This release updates managed Kubernetes to version 1.35.3 and Fedora CoreOS to version 43, introduces API credentials for external automation workflows, and provides the updater patches and tooling required to upgrade the product to version 8.0. It also includes object storage performance...

8.8CVSS7.3AI score0.00419EPSS
Exploits5
OSV
OSV
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22572-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...

9.8CVSS7AI score0.00939EPSS
Exploits0References53
The Hacker News
The Hacker News
added 2026/07/07 3:14 p.m.21 views

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface, pulumi-language-dotnet, rootlesskit, grype, flux-notification-controller, fscrypt, argocd-image-updater, gitlab-runner, terraform-provider-azurerm, crossplane-provider-azure-storage, scorecard, rancher, trivy-operator, k9s, witness,...

5.3AI score
Exploits0
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/22 2:55 p.m.37 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 2:55 p.m.2 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References3
Fedora
Fedora
added 2026/06/22 12:51 a.m.7 views

[SECURITY] Fedora 44 Update: podman-5.8.3-1.fc44

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 7:9 p.m.14 views

Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/17 7:9 p.m.9 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/16 10:6 a.m.78 views

binary-exploitation-labs

Binary Exploitation & Reverse Engineering Labs Hands-on labs...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/15 5:23 p.m.9 views

MAL-2026-5805 Malicious code in flowcardano (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. Cardano-themed Sentinel-9.9.9 dependency-confusion squat. preinstall node index.js || true exfils env secrets mnemonic/private-key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion same C2 as...

5.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 3:17 p.m.8 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.3AI score0.00595EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 3:17 p.m.38 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS0.00595EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 3:17 p.m.15 views

EUVD-2026-36731

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.4AI score0.00595EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 3:17 p.m.24 views

CVE-2026-9863

CVE-2026-9863 concerns Fortra BoKS Manager, where an OS command injection vulnerability exists in the client upgrade/patch tooling for legacy tar-based installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may cause commands to be executed on the B...

8.8CVSS5.4AI score0.00595EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49246

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.4AI score0.00595EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.23 views

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References6
Rows per page
Query Builder