Lucene search
+L

434 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in etcd

A DNS rebinding vulnerability has been discovered in etcd 3.3.1 and earlier versions. An attacker can manipulate their DNS records to direct requests to localhost, thereby tricking the browser into sending requests to localhost or any other address...

5.5CVSS6.3AI score0.00512EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.7 views

CVE-2026-7437 AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29149

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 4:29 p.m.17 views

VM2 Sandbox Breakout Through __lookupGetter__

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The lookupGetter method allows to read the getter of an object. It is special in VM2 since it will switch...

9.8CVSS6.2AI score0.00917EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 6:43 a.m.5 views

CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.9 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation Upgrade...

8.1CVSS5.8AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:11 a.m.12 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

5.1CVSS5.9AI score0.00379EPSS
Exploits1References3Affected Software1
Malwarebytes
Malwarebytes
added 2026/03/18 5:16 p.m.12 views

Researchers found font-rendering trick to hide malicious commands

Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/03/11 7:36 a.m.33 views

CVE-2026-3903 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth function. This makes it possible for unauthenticated attacker...

4.3CVSS0.00104EPSS
Exploits0References2
HackRead
HackRead
added 2026/03/09 5:31 p.m.16 views

Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS

Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.15 views

PT-2026-23608

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

8.8CVSS5.9AI score0.00408EPSS
Exploits2References214
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.18 views

PT-2026-22083

Name of the Vulnerable Software and Affected Versions Drupal Theme Negotiation by Rules versions prior to 1.2.1 Description A Cross-Site Request Forgery CSRF issue exists in the Theme Negotiation by Rules module. The module allows site builders to create “theme rule” config entities to render pag...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References5
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/02/23 12:0 a.m.8 views

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.14 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/18 5:45 p.m.5 views

GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.19 views

PT-2026-50469

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.3 Description A scanning bypass exists in the scan pytorch function. The issue arises from a difference in how magic numbers are handled compared to PyTorch's implementation. While the software uses...

7.1CVSS6.5AI score0.00434EPSS
Exploits0References15
HackRead
HackRead
added 2026/02/10 3:47 p.m.7 views

New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims

Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying...

5.5AI score
Exploits0
NVD
NVD
added 2026/02/03 10:16 p.m.14 views

CVE-2026-25223

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...

7.5CVSS0.0077EPSS
Exploits0References12
EUVD
EUVD
added 2026/01/28 11:23 a.m.10 views

EUVD-2026-4922

The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged...

4.3CVSS5.8AI score0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 9:15 a.m.18 views

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS0.0016EPSS
Exploits1References4
Rows per page
Query Builder