Lucene search
K

245 matches found

Veracode
Veracode
added 2025/11/06 8:9 a.m.5 views

Improper Input Validation

github.com/siderolabs/omni is vulnerable to an improper input validation. The vulnerability is due to the lack of validation on the destination address in the WireGuard SideroLink interface configuration, which allows an attacker with access to a malicious workload to send arbitrary packets over...

5.4CVSS7.1AI score0.00182EPSS
Exploits0References4Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/10/14 12:0 a.m.5 views

Trend Micro launches new integration with Zscaler to deliver real-time, Risk-Based Zero Trust Access

Discover how Trend Vision One™ integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/09/30 1:44 p.m.3 views

Google’s Latest AI Ransomware Defense Only Goes So Far

Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads—but its benefits have their limits...

6.9AI score
Exploits0
CISA
CISA
added 2025/09/22 12:0 p.m.5 views

SonicWall Releases Advisory for Customers after Security Incident

SonicWall released a security advisory to assist their customers with protecting systems impacted by the MySonicWall cloud backup file incident. SonicWall’s investigation found that a malicious actor performed a series of brute force techniques against their MySonicWall.com web portal to gain...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.6 views

Malicious code in @zalastax/nolb-lion-i (npm)

The package @zalastax/nolb-lion-i was found to contain malicious code...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2025/08/13 12:52 p.m.112 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend TL...

9.8CVSS10AI score0.99982EPSS
Exploits41
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.6 views

Seven Security Challenges That Must Be Solved in Cross-Domain Multi-Agent LLM Systems

Large language models LLMs are rapidly evolving into autonomous agents that cooperate across organizational boundaries, enabling joint disaster response, supply-chain optimization, and other tasks that demand decentralized expertise without surrendering data ownership. Yet, cross-domain...

6.9AI score
Exploits0
OSV
OSV
added 2025/03/06 6:37 p.m.7 views

CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

6.3CVSS6.8AI score0.00475EPSS
Exploits0References3
CNVD
CNVD
added 2025/02/06 12:0 a.m.5 views

Unspecified vulnerability in LunaSVG (CNVD-2025-04482)

LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from the discovery of a containment allocation size oversize error via the component plutovgsurfacecreate. No detailed vulnerability details are provided at this time...

7.5CVSS6.9AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
added 2025/02/06 12:0 a.m.16 views

Unspecified Vulnerability in LunaSVG (CNVD-2025-04486)

LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from a containment segmentation violation found via the component plutovgpathaddpath. No detailed vulnerability details are provided at this time...

6.5CVSS6.9AI score0.00334EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/23 12:0 a.m.3 views

LunaSVG 安全漏洞

LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from the discovery of a containment allocation size oversize error via the component plutovgsurfacecreate. No detailed vulnerability details are provided at this time...

7.5CVSS6.8AI score0.0044EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2024/11/28 4:37 a.m.5 views

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon,...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/11/08 6:17 a.m.22 views

BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365

TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.0 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a containment overflow problem found in the getfreeelt function...

5.5CVSS6.6AI score0.00255EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2024/08/05 10:16 a.m.26 views

Enhancing Incident Response Readiness with Wazuh

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and...

7.8AI score
Exploits0
CNNVD
CNNVD
added 2024/05/31 12:0 a.m.4 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from an attacker being able to perform a local file containment attack in a share...

6.5CVSS6.5AI score0.00475EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/05/30 4:15 p.m.24 views

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to conta...

7.8CVSS6.4AI score0.00234EPSS
Exploits0References11
Wiz blog
Wiz blog
added 2024/05/14 3:30 p.m.74 views

Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response

Wiz assists Incident Response IR and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.6 views

The vulnerability of FireEye Endpoint Security’s software for protecting servers and workstations lies in errors in the network subsystem’s counters. This allows a malicious actor to trigger a service failure.

The vulnerability of FireEye Endpoint Security’s software for protecting servers and workstations is related to errors in counting pointers within the network subsystem. Exploiting this vulnerability allows a malicious actor to trigger a service failure using the Containmentnotify/preview paramet...

7.8CVSS7.2AI score0.00315EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/01/16 12:0 a.m.15 views

Trend Micro Apex Central Local File Containment Vulnerability

Trend Micro Apex Central is a Web-based product console from Trend Micro. A local file inclusion vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to execute arbitrary code in the system context by submitting a special request...

7.5CVSS7.5AI score0.04536EPSS
Exploits0References1
Rows per page
Query Builder