Lucene search
K

278 matches found

GithubExploit
GithubExploit
added 2026/05/07 2:15 p.m.77 views

web-app-pentest-playbook

Web Application Pentest Playbook A structured methodology and...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/06 7:32 p.m.6 views

Binding to an Unrestricted IP Address

Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address which defaults to 0.0.0.0 when the -port argument is used or the -listen argument is used without specifying a host. An attacker can execute arbitrary code remotely by connecting to the exposed...

8.8CVSS5.9AI score0.00223EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 12:0 a.m.11 views

MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

5.6AI score
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/04/30 4:0 p.m.6 views

What’s new, updated, or recently released in Microsoft Security

New capabilities in Microsoft Agent 365; new Microsoft Defender and GitHub integration At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the ...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/29 12:58 p.m.122 views

h2database-rce-poc

H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...

10CVSS7.2AI score0.64766EPSS
Exploits7
Fedora
Fedora
added 2026/04/25 1:55 a.m.16 views

[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44

Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...

5.5AI score
Exploits0
Fedora
Fedora
added 2026/04/25 1:52 a.m.14 views

[SECURITY] Fedora 44 Update: rauc-1.15.2-1.fc44

RAUC is a lightweight update client that runs on your Embedded Linux device and reliably controls the procedure of updating your device with a new firmwa re revision. RAUC is also the tool on your host system that lets you create, inspect and modify update artifacts for your device. Service is no...

7.2CVSS5.2AI score0.00141EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-35643

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.81.16 through 1.83.6 Description An unauthenticated pre-auth SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixes caller-supplied values directly into the query text...

9.8CVSS6.2AI score0.86607EPSS
Exploits7References218
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.7 views

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/22 4:10 a.m.182 views

Bug-Bounty-Hunting-Methodology-2026

██████╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗███╗...

5.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/16 11:16 p.m.10 views

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

6.8CVSS6AI score0.0016EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 6:58 p.m.6 views

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS5.8AI score0.00583EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/04/14 5:19 a.m.102 views

CORScanner

CORS Exploiter Automated CORS misconfiguration scanner with...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.7 views

CVE-2026-32280 vulnerabilities

Vulnerabilities for packages: regclient, kyverno-policy-reporter-ui, ip-masq-agent, gitness, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch, slsa-verifier,...

7.5CVSS7AI score0.00615EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

CVE-2026-32289 vulnerabilities

Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, omni-fips, prometheus-podman-exporter-fips, prometheus-process-exporter-fips, jobset-fips, blob-csi-fips, crossplane-provider-aws-ecr-fips, crossplane-provider-gitlab, image-factory, kubevela-fips,...

6.1CVSS6.7AI score0.0029EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.9 views

GHSA-M4PR-4J3G-9V7V vulnerabilities

Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, omni-fips, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips,...

6.1AI score
Exploits0
Talos Blog
Talos Blog
added 2026/04/10 3:29 p.m.6 views

[Video] The TTP Ep. 22: The Collapse of the Patch Window

!\Video\ The TTP Ep. 22: The Collapse of the Patch Windowhttps://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-3.jpg One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/06 5:43 p.m.2 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/28 12:45 p.m.144 views

hays-london-azure-platform-2-poc

Hays London Azure Platform Engineer POC — AKS Operations & Pla...

6AI score
Exploits0
NVD
NVD
added 2026/03/27 3:16 p.m.7 views

CVE-2026-1496

Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...

9.3CVSS0.00478EPSS
Exploits0References4
Rows per page
Query Builder