Lucene search
K

345 matches found

OSV
OSV
added 2026/06/19 9:42 p.m.6 views

GHSA-8W8F-R2XV-4Q4J OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types

On OpenBao 2.5.4 and 2.5.2and likely earlier versions also, an authenticated caller with write access to transit/keys/ can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric type rsa-, ecdsa-, ed25519 with derived: true. The server returns no HTTP respon...

6.5CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51111

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...

6.5CVSS5.9AI score
Exploits0References7
NVD
NVD
added 2026/06/14 11:16 p.m.7 views

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/14 10:30 p.m.22 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/14 10:30 p.m.7 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References6
CVE
CVE
added 2026/06/14 10:30 p.m.22 views

CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/18 1:44 a.m.84 views

Exploit for CVE-2026-32683

CVE-2026-32683 Overview CVE-2026-32683 is a vulnerability...

5.3CVSS5.8AI score0.00088EPSS
Exploits1
EUVD
EUVD
added 2026/05/11 12:32 p.m.12 views

EUVD-2025-209757

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

5.6CVSS5.8AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 10:16 a.m.14 views

CVE-2025-43992

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

5.6CVSS0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:27 a.m.7 views

CVE-2025-43992

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

5.6CVSS5.8AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 9:27 a.m.21 views

CVE-2025-43992

CVE-2025-43992 affects Dell EMC: Dell ECS versions 3.8.1.0–3.8.1.7 and Dell ObjectScale versions before 4.3.0.0. The issue is an authentication bypass via assumed-immutable data in Geo replication, allowing an unauthenticated attacker with remote access to potentially access data in transit. The ...

5.6CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/05/11 9:27 a.m.38 views

CVE-2025-43992

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

5.6CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:27 a.m.7 views

CVE-2025-43992

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

5.6CVSS5.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 10:25 a.m.31 views

CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS0.00088EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 10:25 a.m.5 views

CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 10:25 a.m.20 views

CVE-2025-59852

CVE-2025-59852 affects HCL DFXAnalytics. The vulnerability is described as Insufficient Transport Layer Protection, where data is transmitted over the network without encryption, potentially compromising the confidentiality, integrity, and authentication of sensitive information. The available do...

9.1CVSS5.8AI score0.00088EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/05/05 9:7 a.m.11 views

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 9:45 a.m.6 views

Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.--even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong...

5.9AI score
Exploits0
CNVD
CNVD
added 2026/03/31 12:0 a.m.4 views

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16134)

IBM Concert is IBM's collaborative application lifecycle management platform. A security vulnerability exists in IBM Concert that originates when the program transmits data in clear text. An attacker could exploit the vulnerability to intercept and obtain sensitive information via man-in-the-midd...

5.9CVSS5.8AI score0.00186EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/22 10:2 p.m.7 views

This is all it takes to stop a train (Lock and Code S07E06)

This week on the Lock and Code podcast … Forget the runaway train thrillingly shot in Buster Keaton's 1926 film "The General," and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film "Unstoppable," as there's a far more frequent and far less...

5.8AI score
Exploits0
Rows per page
Query Builder