16 matches found

FreeBSD
added 2025/11/17 12:0 a.m. | 7 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 460017370 High CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-11-12 450328966 High CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep on 2025-10-09...

CVSS 8.8 | AI score 7 | EPSS 0.04835
Exploits: 1 | References: 1

The Hacker News
added 2025/11/04 8:10 a.m. | 6 views

Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit

Google's artificial intelligence AI-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory...

CVSS 9.8 | AI score 7.6 | EPSS 0.73495
Exploits: 3

Positive Technologies
added 2025/10/21 12:0 a.m. | 4 views

PT-2025-43032

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 141.0.7390.122 Description An out-of-bounds memory access issue exists in the V8 JavaScript engine within Google Chrome. This flaw allows a remote attacker to perform out-of-bounds memory access by way of a...

CVSS 10 | AI score 7.5 | EPSS 0.03638
Exploits: 0 | References: 42

FreeBSD
added 2025/10/21 12:0 a.m. | 8 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 452296415 High CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-15...

CVSS 8.8 | AI score 7 | EPSS 0.03638
Exploits: 0 | References: 1

UbuntuCve
added 2025/10/06 12:0 a.m. | 2 views

CVE-2025-59728

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...

CVSS 8.7 | AI score 6 | EPSS 0.00172
Exploits: 0 | References: 4

UbuntuCve
added 2025/10/06 12:0 a.m. | 3 views

CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

CVSS 5.7 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 2

UbuntuCve
added 2025/10/06 12:0 a.m. | 3 views

CVE-2025-59732

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

CVSS 8.7 | AI score 6.6 | EPSS 0.00155
Exploits: 0 | References: 3

UbuntuCve
added 2025/10/06 12:0 a.m. | 4 views

CVE-2025-59734

It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

CVSS 8.7 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 2

UbuntuCve
added 2025/10/06 12:0 a.m. | 3 views

CVE-2025-59733

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...

CVSS 8.7 | AI score 6.7 | EPSS 0.00171
Exploits: 0 | References: 3

UbuntuCve
added 2025/10/06 12:0 a.m. | 4 views

CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

CVSS 5.7 | AI score 6 | EPSS 0.00149
Exploits: 0 | References: 2

Positive Technologies
added 2025/08/19 12:0 a.m. | 6 views

PT-2025-33889

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 139.0.7258.138 Description An out-of-bounds write issue exists in the V8 JavaScript engine. This flaw allows a remote attacker to potentially exploit heap corruption—a condition where memory allocated in the hea...

CVSS 8.8 | AI score 7.9 | EPSS 0.02954
Exploits: 0 | References: 52

Snyk
added 2025/08/13 1:59 p.m. | 5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...

CVSS 7.6 | AI score 7.1 | EPSS 0.00503
Exploits: 1 | References: 3

The Hacker News
added 2025/07/16 7:44 a.m. | 8 views

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model LLM-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 CVSS score: 7.2, is a memory...

CVSS 7.2 | AI score 7.7 | EPSS 0.73495
Exploits: 3

Positive Technologies
added 2025/01/01 12:0 a.m. | 5 views

PT-2025-40347

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An off-by-one error exists in V8. This issue was identified by Google and addressed in Chromium. Microsoft Edge, being Chromium-based, also ingests fixes for this issue. Recommendations At t...

CVSS 8.8 | AI score 6.3 | EPSS 0.00356
Exploits: 0 | References: 43

The Hacker News
added 2024/11/04 10:4 a.m. | 16 views

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

AI score 7.9
Exploits: 0

GoogleProjectZero
added 2024/11/01 12:0 a.m. | 98 views

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

AI score 7.7
Exploits: 0