Lucene search
K

52493 matches found

Vulnrichment
Vulnrichment
added 2026/01/27 11:38 p.m.4 views

CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 11:38 p.m.9 views

CVE-2026-24785

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/01/22 11:35 a.m.322 views

Exploit for Out-of-bounds Read in Libpng

Spring Boot Minimal Images PoC Dummy Spring Boot application...

7.8CVSS6.4AI score0.0036EPSS
Exploits6
AlpineLinux
AlpineLinux
added 2026/01/21 2:43 p.m.5 views

CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

7.5CVSS5.4AI score0.08219EPSS
Exploits0
OSV
OSV
added 2026/01/17 10:15 p.m.5 views

MAL-2026-324 Malicious code in typedoc-plugin-fuel-variants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6adc38777e8d247da805a1d508c3d27067be2a85dc25149b0d18453a67dcc18a The package typedoc-plugin-fuel-variants was found to contain malicious code. Source: ossf-package-analysis...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/17 10:15 p.m.8 views

Malicious code in typedoc-plugin-fuel-variants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6adc38777e8d247da805a1d508c3d27067be2a85dc25149b0d18453a67dcc18a The package typedoc-plugin-fuel-variants was found to contain malicious code. Source: ossf-package-analysis...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : kernel-2.6.32-696.18.7.el6 (AXSA:2018-2508:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2508:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly use...

5.6CVSS7.4AI score0.93838EPSS
Exploits13References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 4 : dbus-1.2.24-4.AXS4 (AXSA:2011-116:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-116:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...

2.1CVSS5.5AI score0.0058EPSS
Exploits1References2
NVD
NVD
added 2026/01/05 10:15 p.m.11 views

CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

9.3CVSS0.00964EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/12/23 11:35 a.m.9 views

INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/22 12:0 a.m.212 views

📄 HPE OneView Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...

10CVSS8.4AI score0.89733EPSS
Exploits8
NVD
NVD
added 2025/12/17 7:15 a.m.8 views

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS0.00234EPSS
Exploits0References2
CVE
CVE
added 2025/12/17 6:36 a.m.14 views

CVE-2025-13750

Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.

4.3CVSS4.9AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

WordPress plugin Converter for Media 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.5AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51816

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS5.3AI score0.00234EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 5:2 a.m.6 views

EUVD-2025-203021

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed...

6.9CVSS6AI score0.00132EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 5:1 a.m.4 views

CVE-2025-53523

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

5.4CVSS5.6AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50874

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

5.1CVSS6.8AI score0.00109EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/09 6:41 a.m.167 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Auto Exploit Toolkit Precision Engine...

10CVSS7.2AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2025/12/09 6:41 a.m.176 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...

10CVSS7.2AI score0.99562EPSS
Exploits374
Rows per page
Query Builder