Lucene search
K

646 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.19 views

PT-2026-40841

Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...

9.1CVSS5.8AI score0.00497EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 3:32 p.m.40 views

EUVD-2026-29050

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

5.3CVSS5.5AI score0.00378EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/11 12:15 p.m.12 views

CVE-2026-8288 Open5GS SMF gsm-handler.c denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

5.3CVSS5.5AI score0.00378EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the...

6.5CVSS5.8AI score0.00378EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.9 views

Skill Description Deception Attack against Task Routing in Internet of Agents

A new paradigm, Internet of Agents IoA, is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced...

5.7AI score
Exploits0
OSV
OSV
added 2026/05/08 7:0 p.m.7 views

GHSA-GF5M-WCRH-7928 open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...

7.3CVSS6AI score0.00308EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 7:0 p.m.10 views

open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...

8.4CVSS6AI score0.00897EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2026/05/08 2:16 p.m.8 views

CVE-2025-71299

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

5.5CVSS0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: cadence-quadspi driver where a runtime PM Power Management disable operation in the probe function error paths can trigger duplicate clock disables. This occu...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.8 views

YARA-X 1.16.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 4:15 p.m.5 views

MINI-726W-CPRX-PMV6

Bulletin has no description...

6.5CVSS5.7AI score0.00294EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:30 p.m.7 views

CVE-2026-2828

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/04/30 12:0 a.m.11 views

April 30, 2026—KB5083806 (OS Build 28000.1896) Preview

April 30, 2026—KB5083806 OS Build 28000.1896 Preview ​​​​This non-security update for Windows 11, version 26H1 KB5083806, includes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and...

5.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/28 11:26 p.m.11 views

SUSE CVE-2026-41079

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

3.5CVSS5.3AI score0.00409EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/28 12:0 a.m.6 views

Generation of Error Message Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

6.3CVSS5.8AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.7 views

CVE-2026-41134

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.8CVSS5.5AI score0.00421EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:54 p.m.5 views

CVE-2026-41079

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

4.3CVSS5.3AI score0.00409EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/24 4:54 p.m.10 views

EUVD-2026-25574

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

4.3CVSS5.3AI score0.00409EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.11 views

PT-2026-35029

Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions prior to 2.4.17 Description A network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend, leading to an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is convert...

6.5CVSS5.7AI score0.00409EPSS
Exploits3References23
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

OpenPrinting CUPS 缓冲区错误漏洞

OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. Versions of OpenPrinting CUPS prior to 2.4.17 contained a buffer overflow vulnerability. This vulnerability was exploited by network-related attackers w...

5.4CVSS6AI score0.00409EPSS
Exploits1References1
Rows per page
Query Builder