Lucene search
K

16142 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.5 views

Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54392

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54237

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack t...

6AI score0.00166EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/29 3:30 p.m.10 views

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence AI tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities...

8.8CVSS5.8AI score0.0036EPSS
Exploits0
CVE
CVE
added 2026/06/29 1:18 p.m.11 views

CVE-2026-56457

The CVE concerns HCL DevOps Deploy / HCL Launch with a vulnerability that allows exposure of sensitive information via output logs. The description notes that an attacker with access to the logs could potentially obtain sensitive values associated with a step. The Connected CVE lists confirm the ...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-472 PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

9.6CVSS6.4AI score0.00619EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-464 PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

9.2CVSS6AI score0.00416EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-486 PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.4AI score0.00541EPSS
Exploits0References5
Securelist
Securelist
added 2026/06/29 10:0 a.m.10 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/28 2:31 p.m.5 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libsolv: libsolv-0.7.39-3.hum1 aarch64, x8664 libsolv-demo-0.7.39-3.hum1 aarch64, x8664 libsolv-devel-0.7.39-3.hum1 aarch64, x8664 libsolv-tools-0.7.39-3.hum1 aarch64, x8664...

6.5CVSS5.8AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.6 views

SUSE CVE-2026-53282

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After...

5.8AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:4 p.m.9 views

EUVD-2026-38058

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...

8.1CVSS5.8AI score0.00264EPSS
Exploits0References4
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.5 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: gatus, witness, traefik, prometheus-operator, terragrunt, crossplane-provider-family-aws, neuvector-sigstore-interface, k8sgpt, rancher-agent, crossplane-provider-aws-sns, argo-events, crossplane-provider-aws-kinesis, containerd, pulumi-language-dotnet,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kaf, snyk-cli, flux, prometheus-operator, kine, aactl, kots, minio, mattermost, fscrypt, gitea, trivy-operator, rancher-agent, skaffold, chisel, cilium, telegraf, prometheus, zarf, containerd, external-dns, cloud-provider-aws, argo-cd, vitess, kubernetes-dashboard,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: gatus, witness, prometheus-operator, terragrunt, neuvector-sigstore-interface, k8sgpt, rancher-agent, argo-events, containerd, pulumi-language-dotnet, kubernetes-dashboard, flux-kustomize-controller, syft, cert-manager, kubernetes, step, dagger, buildkitd, hcloud,...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/26 7:40 p.m.8 views

EUVD-2026-39887

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After...

5.8AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:40 p.m.12 views

CVE-2026-53282

The CVE concerns the Linux kernel x86/kexec purgatory code used by kexec-tools. The issue arises when, in non-kjump kexec, the code looks above the top of the stack to locate a return address for kjump. A fix previously changed behavior to stop pushing an unused return address, but that change ca...

5.8AI score0.00166EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/26 6:17 p.m.7 views

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark , said the...

6.4AI score
Exploits0
NVD
NVD
added 2026/06/26 2:16 a.m.10 views

CVE-2026-50742

A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...

5.4CVSS0.00199EPSS
Exploits0References1
Rows per page
Query Builder