Lucene search
K

717 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in qBittTorrent

All versions of the qBittorrent client up to 4.5.5 use default credentials when the web user interface is enabled. Administrators are not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...

9.8CVSS6AI score0.00908EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/06/09 10:50 a.m.13 views

Update Chrome: Google patches actively exploited vulnerability and 73 others

Google has issued updates for the Chrome browser, patching a number of high‑severity vulnerabilities. The update includes fixes for 74 vulnerabilities, including one that is being actively exploited in the wild. The stable channel has been updated to 149.0.7827.102/.103 for Windows/Mac, and...

8.8CVSS6.4AI score0.01654EPSS
Exploits4
EUVD
EUVD
added 2026/06/05 4:22 p.m.15 views

EUVD-2026-34858

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 4:22 p.m.8 views

CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.24 views

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...

5.6AI score
Exploits0
Information Security Automation
Information Security Automation
added 2026/06/02 11:0 a.m.11 views

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

9.8CVSS7.8AI score0.96267EPSS
Exploits361
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-0744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects...

7.5CVSS7.2AI score0.00602EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/22 11:42 p.m.92 views

Exploit for Link Following in Microsoft

Microsoft Defender Vulnerability Scanner 🛡️ CVE-2026-41091...

7.8CVSS6AI score0.63076EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:38 a.m.11 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Driver Core: Class: Fixed wild pointer dereferencing in the API classdeviternext. There is a potential issue of wild pointer dereferencing related to the APIs classdeviterinit|next|exit. This issue arises from the following typic...

5.5CVSS6.4AI score0.0018EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox

An unexpected message in the WebGPU IPC framework could lead to a use-after-free error and an exploitable sandbox escape. There have been reports of attacks exploiting this flaw in real-world scenarios. This vulnerability affects Firefox versions earlier than 97.0.2, Firefox ESR versions earlier...

9.6CVSS8.4AI score0.02349EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Firefox

In some cases, JIT-compiled code might have dereferenced a wild pointer value. This could lead to a exploitable crash. This vulnerability affects Firefox versions earlier than 122...

7.5CVSS7.2AI score0.00602EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/05/19 7:0 p.m.324 views

Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The library's Utility.pm contains an...

9.8CVSS8.1AI score0.43596EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/15 6:19 a.m.44 views

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 CVSS score: 8.1, has been described as a spoofing bug stemming from a cross-site scriptin...

8.1CVSS5.9AI score0.0564EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-41417

Claude Mythos Preview case studies also, read your transcripts! https://t.co/drNlAH5mLE "Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug ha...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.12 views

PT-2026-39534

Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...

9.8CVSS6AI score0.981EPSS
Exploits64References1
Rapid7 Blog
Rapid7 Blog
added 2026/05/06 1:27 p.m.9 views

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this...

9.8CVSS6.8AI score0.32074EPSS
Exploits6
Wiz blog
Wiz blog
added 2026/05/06 12:33 p.m.8 views

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution RCE with root privileges...

9.8CVSS6.7AI score0.32074EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.24 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurations—such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfaces—the swit...

6.9CVSS6AI score0.00836EPSS
Exploits1References33
Information Security Automation
Information Security Automation
added 2026/04/28 6:0 p.m.14 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8CVSS5.8AI score0.2943EPSS
Exploits0
Rows per page
Query Builder