Lucene search
K

1245 matches found

Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.4 views

Can Drift-Adaptive Malware Detectors Be Made Robust? Attacks and Defenses under White-Box and Black-Box Threats

Concept drift and adversarial evasion are two major challenges for deploying machine learning-based malware detectors. While both have been studied separately, their combination, the adversarial robustness of drift-adaptive detectors, remains unexplored. We address this problem with AdvDA, a rece...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.6 views

Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

Transformer-based malware detection systems operating on graph modalities such as control flow graphs CFGs achieve strong performance by modeling structural relationships in program behavior. However, their robustness to adversarial evasion attacks remains underexplored. This paper examines the...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/03 3:26 a.m.5 views

Always-Incorrect Control Flow Implementation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation via the onboarding process. An attacker can obtain gateway credentials by leveraging a scenario where a previously discovered endpoint persist...

6.9CVSS5.9AI score0.00252EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.6 views

ContractShield: Bridging Semantic-Structural Gaps Via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them...

6AI score
Exploits0
Snyk
Snyk
added 2026/04/02 5:8 p.m.2 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the handling of the authorizedkeys principals option when a principals list is used with a Certificate Authority that includes comma characters. An attacker can gain unauthorized access or...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 4:52 p.m.1 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the misinterpretation of the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configuration, which causes unintended ECDSA algorithms to be accepted. An attacker can compromise...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.19 views

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model LLM agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/03/03 6:46 a.m.22 views

CVE-2026-1874 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

8.7CVSS0.00421EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 6:31 a.m.5 views

@tootallnate/once vulnerable to Incorrect Control Flow Scoping

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/03 6:31 a.m.3 views

GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References6
NVD
NVD
added 2026/03/03 5:17 a.m.5 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 5:17 a.m.4 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.7AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/03 5:0 a.m.2 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/03 5:0 a.m.11 views

EUVD-2026-9278

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/03 5:0 a.m.32 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22719

Name of the Vulnerable Software and Affected Versions @tootallnate/once versions prior to 3.0.1 Description The package @tootallnate/once versions prior to 3.0.1 are susceptible to an issue with incorrect control flow scoping in promise resolving when the AbortSignal option is utilized. When the...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/02/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-26965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into...

8.8CVSS5.9AI score0.00591EPSS
Exploits1References3
OSV
OSV
added 2026/02/25 9:16 p.m.3 views

UBUNTU-CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

8.8CVSS5.9AI score0.00591EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/25 8:59 p.m.23 views

CVE-2026-26965 FreeRDP has Out-of-bounds Write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

8.8CVSS0.00591EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/02/25 8:59 p.m.4 views

CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

8.8CVSS6AI score0.00591EPSS
Exploits1
Rows per page
Query Builder