219617 matches found
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
Palo Alto Networks Trust Protection Foundation SQL注入漏洞
Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform developed by Palo Alto Networks. Palo Alto Networks Trust Protection Foundation has a SQL injection vulnerability. This vulnerability stems from SQL injection attacks, which may allow...
PT-2026-40808
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-36738
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...
CVE-2025-28344
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...
Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
CVE-2026-36738
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
Malicious code in supabase-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
CVE-2025-28344
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...
CVE-2025-28344
CVE-2025-28344 affects striso-control-firmware version 54c9722 . The vulnerability is a buffer overflow in the function AuxJack that can impact availability. CVSS:3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5, HIGH). Connected entries (EUVD-2025-209826, NVD, CVE record e...
PT-2026-40684
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/i915/vrr component where writing to TRANS VRR VMAX or FLIPLINE before enabling TRANS DDI FUNC CTL can cause a system hang with a Machine Check Exception MCE on...
On the (Non-)Resilience of Encrypted Controllers to Covert Attacks
The security of networked control systems NCS is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...
Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
MAL-2026-3648 Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
PT-2026-40720
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current head field, which is not intended to be...
MAL-2026-3651 Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
ROS-20260513-73-0019
Vulnerability in lxd due to insufficient control over modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents
Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...