960122 matches found
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix , the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The...
CVE-2026-44040
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
CVE-2026-44040
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
EUVD-2026-40879
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
CVE-2026-44040
UltraVNC
CVE-2026-52924
creationtimestamp| type| source ---|---|--- 2026-07-01 02:47:10+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812...
Exploit for CVE-2026-46331
CVE-2026-46331 pedit COW – Linux net/sched Packet-Editor Pag...
CVE-2026-54898
creationtimestamp| type| source ---|---|--- 2026-07-01 02:15:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpkh3gmaei2p...
CVE-2026-54897
creationtimestamp| type| source ---|---|--- 2026-07-01 02:10:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpkgsi5gey2v...
CVE-2026-54502
creationtimestamp| type| source ---|---|--- 2026-07-01 02:05:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpkgjjojkq2v...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
Incident Response Report: TeamCity Compromise CVE-2024-27198...
EUVD-2026-40825
Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40800
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40806
Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Low...
EUVD-2026-40804
Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...
EUVD-2026-40811
Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...
EUVD-2026-40809
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40781
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...
EUVD-2026-40774
Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...