Lucene search
K

12993 matches found

EUVD
EUVD
added 6 hours ago8 views

EUVD-2022-49110

Open Babel has out-of-bounds write in MOPAC translationVectors UNIT CELL TRANSLATION...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago53 views

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

4.3CVSS6.1AI score0.10317EPSS
Exploits2References5
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39592

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:13 p.m.16 views

CVE-2026-9220

The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS0.00146EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:3 p.m.8 views

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

7.1CVSS6AI score0.00478EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Freeing qvectors before queues in iavfdisablevf. The iavffreequeues function clears adapter-numactivequeues, which iavffreeqvectors relies on. Therefore, the order of these two function calls in iavfdisablevf needs to be...

5.5CVSS6AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: gve: Added NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv-msixvectors. If we fail to allocate priv-msixvectors see abortwithmsixvectors, this could lead to a NULL pointer dereferencing if t...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References2
HackRead
HackRead
added 2026/06/11 1:20 p.m.23 views

Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...

5.4AI score
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Important: postgresql

Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...

8.8CVSS6.5AI score0.00464EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/06 10:1 p.m.100 views

Exploit for CVE-2019-5513

VMware Horizon /broker/xml Vulnerability Scanner !Security...

5.3CVSS5.6AI score0.01232EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.13 views

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 9:47 p.m.9 views

GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

5.5AI score0.00044EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41957

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.8CVSS6.4AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.5AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:18 a.m.8 views

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:18 a.m.21 views

CVE-2026-11347

The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.6 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. It combines human language interaction with AI-based feedback. Linqi has a security vulnerability, which stems from hard-coded encryption keys and weak algorithms for generating initialization vectors. This allo...

8.5CVSS5.3AI score0.00073EPSS
Exploits0References1
Rows per page
Query Builder