Lucene search
K

352 matches found

Vulnrichment
Vulnrichment
added 2026/05/06 10:25 a.m.6 views

CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/05 9:7 a.m.11 views

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 9:45 a.m.7 views

Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.--even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong...

5.9AI score
Exploits0
CNVD
CNVD
added 2026/03/31 12:0 a.m.5 views

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16134)

IBM Concert is IBM's collaborative application lifecycle management platform. A security vulnerability exists in IBM Concert that originates when the program transmits data in clear text. An attacker could exploit the vulnerability to intercept and obtain sensitive information via man-in-the-midd...

5.9CVSS5.8AI score0.00186EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/22 10:2 p.m.9 views

This is all it takes to stop a train (Lock and Code S07E06)

This week on the Lock and Code podcast … Forget the runaway train thrillingly shot in Buster Keaton's 1926 film "The General," and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film "Unstoppable," as there's a far more frequent and far less...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.6 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.15 views

PT-2026-22370

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain...

8.2CVSS6AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/19 12:26 a.m.9 views

SUSE CVE-2026-23225

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...

5.3CVSS5.7AI score0.00113EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/18 4:22 p.m.7 views

CVE-2026-23225

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...

7.8CVSS5.8AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 4:22 p.m.6 views

UBUNTU-CVE-2026-23225

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...

7.8CVSS5.7AI score0.00113EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 2:53 p.m.30 views

CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...

7.8CVSS0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/02/18 2:53 p.m.19 views

CVE-2026-23225

CVE-2026-23225 affects the Linux kernel MMCID mode switch logic. The issue arises when the per-other CPU CID ownership state (TRANSIT) is set but the CID is not CPU-owned, causing mm_drop_cid_on_cpu() to clear ONCPU and then touch an invalid bit, yielding an out-of-bounds access. The root cause i...

7.8CVSS5.3AI score0.00113EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Atlas K12net 安全漏洞

Atlas K12net is an educational management software developed by the Turkish company Atlas. Versions of Atlas K12net from 09022026 onward have security vulnerabilities. These vulnerabilities stem from the insertion of sensitive information into transmitted data, which may lead to manipulation of...

6.8CVSS5.7AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.5 views

CVE-2026-0620

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

6CVSS5.3AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:5 p.m.7 views

EUVD-2026-5210

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

6CVSS5.3AI score0.00247EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 6:5 p.m.28 views

CVE-2026-0620 L2TP over IPSec Encryption Failure on ArcherAXE75

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

6CVSS0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6013

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

6CVSS5.4AI score0.00247EPSS
Exploits0References4
NVD
NVD
added 2026/01/23 10:15 a.m.9 views

CVE-2026-22274

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and...

6.5CVSS0.0016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 9:25 a.m.4 views

CVE-2026-22274

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and...

6.5CVSS5.6AI score0.0016EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 9:25 a.m.3 views

CVE-2026-22274

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and...

6.5CVSS5.5AI score0.0016EPSS
Exploits0References2
Rows per page
Query Builder