
302339 matches found

The Hacker News
added 37 minutes ago, 3 views

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are...

CVSS 9.8, EPSS 0.00582
Exploits: 0

NVD
added 1 hour ago, 2 views

CVE-2026-53330

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval(). Why & How: The aux_rd_interval array in struct dc_lttpr_caps is declared with (MAX_REPEATER_CNT - 1) = 7 elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

NVD
added 1 hour ago, 2 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10
Exploits: 0, References: 1

GithubExploit
added 1 hour ago, 4 views

Stopen

Stopen — Automated Penetration Testing Agent OODA loop + Bl...

AI score 6.2
Exploits: 0

ATTACKERKB
added 1 hour ago, 2 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

CVSS 9.4
Exploits: 0, References: 2, Affected Software: 1

CVE
added 1 hour ago, 3 views

CVE-2026-13602 Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

CVSS 9.4
Exploits: 0, References: 1

Cvelist
added 1 hour ago, 3 views

CVE-2026-13602 Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

CVSS 9.4
Exploits: 0, References: 1

CVE
added 1 hour ago, 3 views

CVE-2026-53330

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval(). Why & How: The aux_rd_interval array in struct dc_lttpr_caps is declared with (MAX_REPEATER_CNT - 1) = 7 elements, indexed 0..6. However, the offset parameter passed to...

AI score 5.8
Exploits: 0, References: 3

Cvelist
added 1 hour ago, 3 views

CVE-2026-53330 drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval(). Why & How: The aux_rd_interval array in struct dc_lttpr_caps is declared with (MAX_REPEATER_CNT - 1) = 7 elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

EUVD
added 1 hour ago, 2 views

EUVD-2026-40964

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval(). Why & How: The aux_rd_interval array in struct dc_lttpr_caps is declared with (MAX_REPEATER_CNT - 1) = 7 elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

ATTACKERKB
added 1 hour ago, 2 views

CVE-2026-53330

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval(). Why & How: The aux_rd_interval array in struct dc_lttpr_caps is declared with (MAX_REPEATER_CNT - 1) = 7 elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 4

EUVD
added 2 hours ago, 1 view

EUVD-2026-40958

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10
Exploits: 0, References: 1

ATTACKERKB
added 2 hours ago, 2 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10
Exploits: 0, References: 2

Cvelist
added 2 hours ago, 3 views

CVE-2026-13603 SSRF with API key leak in pretix-oppwa

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10
Exploits: 0, References: 1

Vulnrichment
added 2 hours ago, 2 views

CVE-2026-13603 SSRF with API key leak in pretix-oppwa

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10
Exploits: 0, References: 1

CVE
added 2 hours ago, 3 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10, AI score 5.8
Exploits: 0, References: 1

NVD
added 2 hours ago, 3 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

CVSS 5.1
Exploits: 0, References: 2

NVD
added 3 hours ago, 4 views

CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree on the canonical request path, so the middleware fails to...

CVSS 9.1
Exploits: 0, References: 2

CVE
added 3 hours ago, 6 views

CVE-2026-53906

CVE-2026-53906 concerns MCO’s file handling during data export and upload. The issue stems from improper validation of the filename parameter, enabling path traversal (writing files to arbitrary locations) and potential path disclosure via error messages. The vulnerability has been confirmed in v...

CVSS 5.1, AI score 5.9
Exploits: 0, References: 2

EUVD
added 3 hours ago, 2 views

EUVD-2026-40952

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

CVSS 7.1, AI score 5.9
Exploits: 0, References: 2