
6888 matches found

HackRead
added 2026/05/04 9:48 a.m., 11 views

7 Key Features That Make Secure Browsers Safer

Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks...

AI score 5.8
Exploits 0

Positive Technologies
added 2026/05/04 12:0 a.m., 16 views

PT-2026-37197

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.2.0 Description An integer overflow can occur when the library tracks the current position if a font advances for each glyph by an excessively large amount. Recommendations Update to version 12.2.0...

CVSS 8.7 | AI score 5.9 | EPSS 0.00671
Exploits 3 | References 55

OSV
added 2026/05/02 1:2 a.m., 7 views

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page - CVE-2018-19132: fix memory...

CVSS 9.8 | AI score 6.7 | EPSS 0.74477
Exploits 2 | References 1

NVD
added 2026/05/01 3:16 p.m., 7 views

CVE-2026-43029

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg syzbot reported a soft lockup in mptcp_recvmsg 0. When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not removed from the sk_receive_queue. This causes sk_wait_data to always find...

CVSS 7.5 | EPSS 0.00329
Exploits 0 | References 3

NVD
added 2026/05/01 3:16 p.m., 7 views

CVE-2026-43027

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_helper: pass helper to expect cleanup nf_conntrack_helper_unregister calls nf_ct_expect_iterate_destroy to remove expectations belonging to the helper being unregistered. However, it passes NULL instead of the help...

CVSS 7.8 | EPSS 0.00126
Exploits 0 | References 8

CVE
added 2026/05/01 2:15 p.m., 25 views

CVE-2026-43029

The CVE-2026-43029 issue affects the Linux kernel MPTCP implementation. When data is received with MSG_PEEK and MSG_WAITALL, skb’s are not removed from the sk_receive_queue, causing sk_wait_data() to incorrectly report data available and potentially trigger a soft lockup. The root cause is the mi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00329
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/05/01 2:15 p.m., 5 views

CVE-2026-43029

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg syzbot reported a soft lockup in mptcp_recvmsg 0. When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not removed from the sk_receive_queue. This causes sk_wait_data to always find...

CVSS 7.5 | AI score 5.7 | EPSS 0.00329
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2026/05/01 2:15 p.m., 4 views

CVE-2026-43009

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack_insn encounters a BPF_STX instruction with BPF_ATOMIC and BPF_FETCH, the src register or r0 for BPF_CMPXCHG also acts as a destination, thus receiving th...

CVSS 7.8 | AI score 5.7 | EPSS 0.00134
Exploits 0

Cvelist
added 2026/05/01 2:15 p.m., 30 views

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack_insn encounters a BPF_STX instruction with BPF_ATOMIC and BPF_FETCH, the src register or r0 for BPF_CMPXCHG also acts as a destination, thus receiving th...

CVSS 7.8 | EPSS 0.00134
Exploits 0 | References 2

Packet Storm
added 2026/04/30 12:0 a.m., 140 views

DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution

DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...

CVSS 4.8 | AI score 6.1 | EPSS 0.00179
Exploits 2

Tenable Nessus
added 2026/04/30 12:0 a.m., 7 views

RHEL 8 : webkit2gtk3 (RHSA-2026:11814)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11814 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 7.9 | EPSS 0.00961
Exploits 2 | References 38

RedhatCVE
added 2026/04/29 8:48 p.m., 4 views

CVE-2025-10539

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

CVSS 4.8 | AI score 6.3 | EPSS 0.00179
Exploits 2 | References 1

RedHat Linux
added 2026/04/29 4:17 p.m., 7 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

CVSS 5.3 | AI score 7.5 | EPSS 0.00222
Exploits 0 | References 5

RedHat Linux
added 2026/04/29 4:17 p.m., 7 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 8.8 | AI score 7.1 | EPSS 0.00961
Exploits 2 | References 19

OSV
added 2026/04/29 1:50 p.m., 7 views

USN-8223-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

CVSS 9.3 | AI score 7 | EPSS 0.5281
Exploits 6 | References 8

Packet Storm News
added 2026/04/29 12:0 a.m., 8 views

Taking a Bite out of the Forbidden Fruit: Characterizing Third-Party Iranian IOS App Stores

Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users...

AI score 5.5
Exploits 0

Tenable Nessus
added 2026/04/29 12:0 a.m., 6 views

AlmaLinux 8 : webkit2gtk3 (ALSA-2026:10702)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10702 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43213 webkitgtk: Processing maliciously crafted web...

CVSS 8.8 | AI score 7.1 | EPSS 0.00961
Exploits 2 | References 20

OSV
added 2026/04/27 6:1 p.m., 6 views

RLSA-2026:10702 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari...

CVSS 8.8 | AI score 7.1 | EPSS 0.00961
Exploits 2 | References 19

Rockylinux
added 2026/04/27 6:1 p.m., 8 views

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00961
Exploits 2

Debian CVE
added 2026/04/27 5:34 p.m., 6 views

CVE-2026-31691

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize in igb_down When an AF_XDP zero-copy application terminates abruptly e.g., kill -9, the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc repeatedly returns the full budget,...

CVSS 5.5 | AI score 5.5 | EPSS 0.00112
Exploits 0