Lucene search
K

114639 matches found

CVE
CVE
added 55 minutes ago32 views

CVE-2026-45804 Diffusers: TOCTOU Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...

7.5CVSS6.2AI score0.00048EPSS
Exploits0References5
Cvelist
Cvelist
added 55 minutes ago4 views

CVE-2026-45804 Diffusers: TOCTOU Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...

7.5CVSS0.00048EPSS
Exploits0References5
The Hacker News
The Hacker News
added 1 hour ago5 views

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plu...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2 hours ago3 views

Claude for Chrome flaw could let rogue extensions access your Gmail

First reported in May, ClaudeBleed is basically a “fake remote control” problem. A sneaky browser extension can pretend to be Claude’s own website and secretly drive the Claude for Chrome extension to read your data and take action in your accounts. The Claude for Chrome browser extension is an...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 4 hours ago4 views

July 2026 Patch Tuesday fixes 622 Microsoft CVEs, including three zero-days

Just one month ago, June 2026 Patch Tuesday broke Microsoft’s previous record with 206 CVEs and three zero‑days. July now triples that count, reinforcing that the era of “small” Patch Tuesdays may be over as AI‑driven vulnerability discovery ramps up. The update includes 59 critical...

9.8CVSS6.1AI score
Exploits0
NVD
NVD
added 4 hours ago5 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
HackRead
HackRead
added 5 hours ago4 views

Microsoft’s July 2026 Patch Tuesday fixes 622 flaws and 2 exploited zero-days

Microsoft’s July 2026 Patch Tuesday fixes 622 CVEs, including exploited AD FS and SharePoint flaws, plus the disclosed BitLocker bypass requiring urgent action...

6.1AI score
Exploits0
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added 5 hours ago4 views

CVE-2026-61449

Summary of CVE-2026-61449 (Grav): Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM Installer. The new per-entry size bound (ZipArchive::statIndex()['size']) is summed against system.gpm.archive.max_uncompressed_size and blocks extraction before it, but the declared ...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44647

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score
Exploits0References2
The Hacker News
The Hacker News
added 5 hours ago9 views

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse aka Nightmare-Eclipse has released a new proof-of-concept PoC exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as...

9.8CVSS6.7AI score
Exploits0
The Hacker News
The Hacker News
added 5 hours ago5 views

New Webinar: Closing the Approval Gap in AI-Era Ad Tech

A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it before an auditor,...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 6 hours ago4 views

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...

6.5AI score
Exploits0
GithubExploit
GithubExploit
added 6 hours ago9 views

Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager

CVE-2019-6447: ES File Explorer Unauthenticated HTTP Service...

8.1CVSS7AI score0.6202EPSS
Exploits9
Securelist
Securelist
added 7 hours ago2 views

OkoBot: new sophisticated malware framework targets cryptocurrency users

Introduction In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of...

6.3AI score
Exploits0
NCSC
NCSC
added 7 hours ago7 views

Zero-day vulnerabilities are exploited in SonicWall SMA1000 devices.

SonicWall has identified two vulnerabilities in the SonicWall SMA1000 appliance. The vulnerability with the identifier CVE-2026-15409 involves Server-Side Request Forgery SSRF in the Work Place interface, allowing an unauthorized attacker to send requests to the device to unintended locations. Th...

10CVSS6.4AI score
Exploits3References1
Malwarebytes
Malwarebytes
added 8 hours ago4 views

This fake Apple app can unlock your Mac’s password vault

CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets...

6AI score
Exploits0
The Hacker News
The Hacker News
added 11 hours ago6 views

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access SMA 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 CVSS score: 10.0 - A Server-side...

10CVSS7.2AI score
Exploits3
Nuclei
Nuclei
added 12 hours ago61 views

Dzzoffice 2.02.1 - Cross-Site Scripting

Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...

6.1CVSS6.5AI score0.00596EPSS
Exploits1References2
Rows per page
Query Builder