172 matches found

Packet Storm News
added 2026/04/02 12:00 a.m., 2 views

AgentWatcher: A Rule-Based Prompt Injection Monitor

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: (1) their effectiveness degrades significantly as context length increases, and (2) they lack...

AI score: 5.9
Exploits: 0
Fedora
added 2026/03/31 2:47 p.m., 6 views

[SECURITY] Fedora 44 Update: rust-resctl-bench-2.2.5-12.fc44

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00379
Exploits: 1
Packet Storm News
added 2026/03/23 12:00 a.m., 1 view

Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks

Retrieval-Augmented Generation (RAG) significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/03/11 12:00 a.m., 1 view

Security-By-Design for LLM-Based Code Generation: Leveraging Internal Representations for Concept-Driven Steering Mechanisms

Large Language Models (LLMs) show remarkable capabilities in understanding natural language and generating complex code. However, as practitioners adopt CodeLLMs for increasingly critical development tasks, research reveals that these models frequently generate functionally correct yet insecure cod...

AI score: 5.9
Exploits: 0
RedhatCVE
added 2026/03/07 7:31 p.m., 5 views

CVE-2026-29075

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 9.8, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 1
NVD
added 2026/03/06 5:16 p.m., 7 views

CVE-2026-29075

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 9.8, EPSS: 0.0037
Exploits: 0, References: 2
EUVD
added 2026/03/06 4:30 p.m., 3 views

EUVD-2026-10045

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 8.3, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/06 4:30 p.m., 4 views

CVE-2026-29075

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 8.3, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 3, Affected software: 1
Vulnrichment
added 2026/03/06 4:30 p.m., 2 views

CVE-2026-29075 Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 8.3, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 2
CVE
added 2026/03/06 4:30 p.m., 19 views

CVE-2026-29075

Mesa CVE-2026-29075 affects the Mesa library (versions ≤ 3.5.0). The vulnerability arises when untrusted code is checked out in the benchmarks.yml workflow, potentially allowing code execution in a privileged runner. The issue has been patched via commit c35b8cd. Public-facing exploitation detail...

CVSS: 9.8, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 2, Affected software: 1
OSV
added 2026/03/06 4:30 p.m., 6 views

CVE-2026-29075 Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

CVSS: 8.3, AI score: 6.1, EPSS: 0.0037
Exploits: 0, References: 4
Wiz blog
added 2026/03/06 12:00 p.m., 3 views

The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response

In the final part of our series, we explore Reactive Risk Management. Discover how Wiz for U.S. Government transforms cloud detection and response to help satisfy FedRAMP Rev 5 IR controls and FedRAMP 20x detection benchmarks...

AI score: 5.8
Exploits: 0
Tenable Nessus
added 2026/03/02 12:00 a.m., 1 view

VMWare Aria Operations 8.x < 8.18.6 Multiple Vulnerabilities (VMSA-2026-0001)

According to its self-reported version, the instance of VMWare Aria Operations (formerly vRealize Operations) running on the remote web server is 8.x < 8.18.6. It is, therefore, affected by the following: - VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated...

CVSS: 9, AI score: 8.3, EPSS: 0.17424
Exploits: 0, References: 4
Packet Storm News
added 2026/02/27 12:00 a.m., 4 views

Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

Jailbreak techniques for large language models (LLMs) evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY (JBF), a system that addresses this gap via a...

AI score: 6
Exploits: 0
RedhatCVE
added 2026/02/26 10:34 p.m., 4 views

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed...

CVSS: 9, AI score: 5, EPSS: 0.00411
Exploits: 0, References: 1
EUVD
added 2026/02/25 9:31 p.m., 13 views

EUVD-2026-8709

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed...

CVSS: 8, AI score: 5, EPSS: 0.00411
Exploits: 0, References: 3
OSV
added 2026/02/18 2:53 p.m., 3 views

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00121
Exploits: 0, References: 11
Fedora
added 2026/02/11 1:00 a.m., 7 views

[SECURITY] Fedora 42 Update: rust-resctl-bench-2.2.5-10.fc42

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00443
Exploits: 1
Packet Storm News
added 2026/02/11 12:00 a.m., 4 views

Optimizing Agent Planning for Security and Autonomy

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies, but currently appear costly: they reduce task completion...

AI score: 5.6
Exploits: 0
Fedora
added 2026/02/10 1:34 a.m., 7 views

[SECURITY] Fedora 43 Update: rust-resctl-bench-2.2.5-10.fc43

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00443
Exploits: 1