Lucene search
K

1447 matches found

The Hacker News
The Hacker News
added 4 days ago15 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos ,...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53270

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Audit Trail report handler that allows authenticated attackers with SA GLANALYTIC permission to execute arbitrary SQL queries. This is achieved by injecting malicious...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 9:22 p.m.7 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:12 p.m.23 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:12 p.m.19 views

CVE-2026-48513

CVE-2026-48513 (MessagePack-CSharp) affects the MessagePack serializer for C#. The vulnerability arises in runtime-generated union deserializers created by DynamicUnionResolver, which did not call DepthStep(ref reader) or decrement reader.Depth during recursive deserialization and skip paths. As ...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51397

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Runtime-generated union deserializers emitted by DynamicUnionResolver fail to call MessagePackSecurity.DepthStepref reader and do not decrement...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 6:16 p.m.11 views

CVE-2019-25755

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:16 p.m.7 views

CVE-2019-25752

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:25 p.m.13 views

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:15 p.m.7 views

CVE-2019-25752

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/19 5:15 p.m.13 views

CVE-2019-25752

CVE-2019-25752 affects the Joomla! extension J-BusinessDirectory 4.9.7 . The vulnerability is an SQL injection in the parameter screen path: attackers can inject UNION-based SQL via the type parameter when calling index.php with option=com_jbusinessdirectory&task=categories.getCategories, enablin...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:8 p.m.15 views

CVE-2019-25750 Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:8 p.m.6 views

EUVD-2019-20186

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed invalid accesses to cephconnectionv1info. There is a place where generic code in messenger.c reads from certain fields, and another place where it writes to members of the con-v1 union without checking that those...

7.8CVSS6.5AI score0.00144EPSS
Exploits0References2
Rows per page
Query Builder