Lucene search
K

110 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References3
CVE
CVE
added 6 days ago20 views

CVE-2025-71375

The CVE-2025-71375 issue affects the Python package picklescan (prior to 0.0.34) and stems from failure to detect the built-in function _operator.methodcaller when scanning pickle files for malicious code. This oversight allows attackers to craft pickle payloads that evade detection and can lead ...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago39 views

CVE-2025-71375 picklescan - Undetected Remote Code Execution via _operator.methodcaller

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:16 p.m.17 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS0.00475EPSS
Exploits0References3
HackRead
HackRead
added 2026/05/30 5:13 p.m.15 views

Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/05 4:20 p.m.84 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431: Detection & Defense Against iouring Bypass of...

7.8CVSS6.1AI score0.96267EPSS
Exploits229
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.8 views

I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/13 7:22 a.m.2 views

CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...

6.7CVSS5.8AI score0.00146EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.10 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" HACCAs, AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

5.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/01/27 5:31 p.m.9 views

Threat Actors Using AWS WorkMail in Phishing Campaigns

Introduction At Rapid7, we track a wide range of threats targeting cloud environments, where a frequent objective is hijacking victim infrastructure to host phishing or spam campaigns. Beyond the obvious security risks, this approach allows threat actors to offload their operational costs onto th...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/27 11:29 a.m.233 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CTT-Citrix-RCE-v1.0---Convergent-Time-Theory-Enhanced-Exploit...

9.4CVSS6.3AI score0.99999EPSS
Exploits15
Packet Storm News
Packet Storm News
added 2025/12/23 12:0 a.m.7 views

Real-World Adversarial Attacks on RF-Based Drone Detectors

Radio frequency RF based systems are increasingly used to detect drones by analyzing their RF signal patterns, converting them into spectrogram images which are processed by object detection models. Existing RF attacks against image based models alter digital features, making over-the-air OTA...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/19 12:0 a.m.30 views

Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming

Generative AI is reshaping offensive cybersecurity by enabling autonomous red team agents that can plan, execute, and adapt during penetration tests. However, existing approaches face trade-offs between generality and specialization, and practical deployments reveal challenges such as...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.5 views

PT-2025-44225

Name of the Vulnerable Software and Affected Versions Supermicro BMC firmware versions affected versions not specified Description The Supermicro BMC firmware contains a flaw in its validation logic. An attacker can exploit this to update the system firmware with a specially crafted image...

7.2CVSS5.4AI score0.0012EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/10/21 12:23 a.m.12 views

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 2025-08-14 and Windows 10 LTSC 20212025-08-14 contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

9.8CVSS7AI score0.00415EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-0845

Malware in sbrugna...

5CVSS6.4AI score0.01376EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-5686

Malware in sbrugna...

4.3CVSS6.4AI score0.01068EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-1498

Malware in sbrugna...

7.5CVSS6.4AI score0.03208EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8840

Malware in sbrugna...

5.5CVSS5.6AI score0.00734EPSS
Exploits0References2
Rows per page
Query Builder