Lucene search
K

1111 matches found

Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 44 Update: sssd-2.13.1-2.fc44

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

8.8CVSS6.1AI score0.00501EPSS
Exploits0
EUVD
EUVD
added 2026/07/06 8:25 p.m.4 views

EUVD-2026-25014

printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...

4.4CVSS5.9AI score0.0017EPSS
Exploits1References6
Fedora
Fedora
added 2026/07/03 12:56 a.m.11 views

[SECURITY] Fedora 44 Update: nmap-7.92-11.fc44

Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...

6.9CVSS6.6AI score0.00278EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 1:12 a.m.8 views

[SECURITY] Fedora 44 Update: openbao-2.5.5-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: openbao-2.5.5-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/06/22 5:16 p.m.35 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 8:16 p.m.7 views

GHSA-68XW-R643-9P5W OpenClaw: Skill-command dispatch could skip before-tool-call hooks

Summary Skill-command dispatch could skip before-tool-call hooks. In affected versions, a skill command routed through the affected dispatch path could run without the same runBeforeToolCallHook coverage as other tool entry points. This advisory is scoped to the named feature and configuration. I...

4.3CVSS5.7AI score0.00185EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.11 views

CVE-2026-53845

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

4.3CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:4 p.m.37 views

CVE-2026-53845

OpenClaw prior to version 2026.5.6 has a hook bypass in the skill-command dispatch path, where commands routed through the affected path skip the before-tool-call hook coverage, potentially bypassing auditing and policy enforcement. This is described in the CVE entry as a dispatch hook bypass vul...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.33 views

PT-2026-49762

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A hook bypass issue exists where skill commands routed through a specific dispatch path skip the runBeforeToolCallHook coverage. This allows attackers to send skill commands through the affected...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:14 a.m.17 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

6.3AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.12 views

PI-Hunter: Automated Red-Teaming for Exposing and Localizing Prompt Injections

Large Language Models LLMs are rapidly evolving into agentic systems that interact with external tools and environments, introducing new security risks such as indirect prompt injection attacks through untrusted external sources. Existing defenses mainly focus on blocking malicious content at...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.9 views

Secure WebSocket Upgrade Handler Auditor for HTTP/HTTPS Services

This Python tool implements a concurrent network auditing framework focused on testing HTTP Upgrade handling behavior, especially WebSocket upgrade negotiation. It connects directly to target servers over TCP or TLS, sends crafted upgrade requests, parses raw HTTP responses, and reports whether t...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.11 views

Revive Adserver 6.0.6 Security Auditor

This script is a defensive security auditing utility designed to identify exposed services, review configuration weaknesses, and collect security posture information from a Revive Adserver deployment without performing direct exploitation...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.9 views

MCPJam Inspector 1.4.2 Defensive API Security Assessment Tool

This Python-based defensive auditing tool evaluates the exposure and security posture of MCP-related API endpoints in a controlled and authorized environment. It is designed to assist security teams in identifying insecure API configurations, exposed execution interfaces, and potential operationa...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.51 views

ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense

LLM-driven automated penetration testing agents are typically evaluated against static targets that neither detect nor respond to attacks, so their behavior under intelligent defense remains untested. The causal consistency of multi-step attack chains likewise hinges on unstable LLM reasoning, an...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/02 3:8 p.m.94 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

Charantej Architecture: Hardened Container Staging & Syscall T...

7.8CVSS6.2AI score0.03663EPSS
Exploits11
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.14 views

PCLink 4.1.1 Basic API Exposure / Header Misconfiguration Scanner

This Python script is a lightweight security auditing tool designed to assess a PCLink server for potential exposure of sensitive headers and extension-related API endpoints. It's written to analyze version 4.1.1...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.18 views

WebADM Security Auditor and Content Exposure Scanner

This Python script is a defensive security auditing tool designed to analyze a target web application for potential information exposure and security misconfigurations, specifically focusing on environments resembling WebADM. This was tested on version 2.4.17-1...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.10 views

com.infobip.kafkistry:kafkistry-app (>=0.7.0 <=0.10.1), com.infobip.kafkistry:kafkistry-auditing (>=0.7.0 <=0.10.1) +19 more potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=2.10.0 <=2.17.1)

org.apache.sshd:sshd-git MAVEN version =2.10.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.9.9, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.62.0, =2.25.0, =1.1.0, =1.1.1 and more Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...

7.1CVSS5.7AI score0.00527EPSS
Exploits0
Rows per page
Query Builder