Lucene search
K

5139 matches found

Nuclei
Nuclei
added 2 days ago136 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.2AI score0.7654EPSS
Exploits19References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56921

Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...

9.9CVSS6.5AI score0.00616EPSS
Exploits0References6
Krebs on Security
Krebs on Security
added 5 days ago8 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
Circl
Circl
added 2026/07/01 3:15 a.m.8 views

CVE-2026-43713

creationtimestamp| type| source ---|---|--- 2026-07-01 03:15:02+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 2:51 a.m.8 views

CVE-2026-43709

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:39+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 2:51 a.m.10 views

CVE-2026-43703

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:25+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 2:51 a.m.8 views

CVE-2026-43701

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:23+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 2:51 a.m.7 views

CVE-2026-39868

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:08+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...

9.1CVSS7.1AI score0.00371EPSS
Exploits0References5
Circl
Circl
added 2026/07/01 2:49 a.m.5 views

CVE-2026-43716

creationtimestamp| type| source ---|---|--- 2026-07-01 02:49:57+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...

6.5CVSS6.1AI score0.00297EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/25 5:46 a.m.9 views

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 CVSS score: 7.8...

7.8CVSS6.6AI score0.25323EPSS
Exploits2
CVE
CVE
added 2026/06/24 9:36 p.m.25 views

CVE-2026-9776

ATEN Unizon contains a directory traversal flaw in writeFileToHttpServletResponse that allows remote disclosure of sensitive information without authentication. The issue stems from improper validation of a user-supplied path used in file operations, enabling an attacker to access data in the SYS...

7.5CVSS7AI score0.0158EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52125

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/17 12:36 p.m.20 views

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 CVSS score: 7.8, with the tech giant describing it as a privilege escalation flaw. "Microsoft is...

7.8CVSS5.6AI score0.03391EPSS
Exploits0
NCSC
NCSC
added 2026/06/16 1:13 p.m.18 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

9.3CVSS6AI score0.70099EPSS
Exploits5References3
The Hacker News
The Hacker News
added 2026/06/15 1:49 p.m.22 views

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

8.8CVSS7.4AI score0.01654EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49259

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A directory or path traversal issue exists in the web UI of Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage. The flaw occurs because the software does not properly...

6.8CVSS6.9AI score0.07683EPSS
Exploits2References84
Wired Threat Level
Wired Threat Level
added 2026/06/13 10:30 a.m.24 views

The FCC Wants to Kill Burner Phones

Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more...

5.3AI score
Exploits0
HackRead
HackRead
added 2026/06/12 2:6 p.m.13 views

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack

Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims...

5.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/06/12 1:43 p.m.13 views

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...

9.8CVSS6.9AI score0.9233EPSS
Exploits3
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2638 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. The product does not release or...

7.5CVSS5.2AI score0.11471EPSS
Exploits8References2
Rows per page
Query Builder