Lucene search
K

5376 matches found

OSV
OSV
added 2026/06/15 5:30 p.m.10 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.4AI score
Exploits0References9
Talos
Talos
added 2026/06/15 12:0 a.m.7 views

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS
Exploits0
OSV
OSV
added 2026/06/13 7:19 a.m.23 views

MAL-2026-5739 Malicious code in sheratan_haha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:19 a.m.16 views

Malicious code in sheratan_haha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/13 6:51 a.m.11 views

MAL-2026-5731 Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/13 6:51 a.m.11 views

MAL-2026-5732 Malicious code in houzidawang808 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/13 4:37 a.m.12 views

MAL-2026-5729 Malicious code in houzidawang806 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...

5.5AI score
Exploits0References23
RedHat Linux
RedHat Linux
added 2026/06/11 1:41 a.m.9 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

7.8CVSS5.5AI score0.00393EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.31 views

DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection

This Python script implements a static inspection tool for Digital Negative DNG files by parsing the TIFF-based header and analyzing Image File Directory IFD entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...

5.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.12 views

SUSE CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.10 views

Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation

Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...

5.4AI score
Exploits0
NVD
NVD
added 2026/06/09 12:16 a.m.29 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 12:16 a.m.11 views

DEBIAN-CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 11:27 p.m.35 views

CVE-2026-11684

CVE-2026-11684 affects Google Chrome’s Network policy enforcement. Affected component: network policy handling in Chrome before 149.0.7827.103. Root cause: insufficient policy enforcement allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTM...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.44 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.26 views

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References85
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-9502

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder