Lucene search
K

6823 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42128

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-59704 Cap - Missing Access Control in Video AI Metadata Endpoint

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS0.00216EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-55434

The CVE affects Coder’s AI Bridge provider endpoints (v2.33.x and v2.34.x) where handlers read request bodies with io.ReadAll without a max size. An authenticated user could send oversized bodies, causing memory exhaustion and a denial of service that crashes the control plane. Patches are availa...

6.5CVSS6AI score0.00552EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago11 views

CVE-2026-55435

CVE-2026-55435 affects Coder’s AI Bridge proxy endpoints. The vulnerability stems from Server.IsAuthorized not checking whether a suspended account is active, so an unexpired API key issued to a suspended user remains usable until the key is deleted. Impact is limited to already-issued keys; no n...

5.4CVSS6AI score0.00315EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2025-13499

Open WebUI allows limited stored XSS vila uploaded html file...

6.3CVSS5.9AI score0.003EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56279

Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...

7.1CVSS6AI score0.00216EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 5 days ago6 views

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score0.00258EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (cuda)

Red Hat AI Inference Server Model Optimization Tools 3.2.2 cuda is now available. Red Hat® AI Inference Server Model Optimization Tools...

9.8CVSS7.2AI score0.01335EPSS
Exploits1References8
Malwarebytes
Malwarebytes
added 5 days ago11 views

How to tell if an image is AI-generated

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 5 days ago22 views

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...

6.1AI score
Exploits0
Nuclei
Nuclei
added 5 days ago66 views

Oracle Fusion - Directory Traversal/Local File Inclusion

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." id: CVE-2020-14864 info: name: Oracle Fusion - Directory Traversal/Local File Inclusion author: Ivo Palazzolo @palaziv severity: high...

7.8CVSS7.1AI score0.97233EPSS
Exploits2References5
EUVD
EUVD
added 2026/07/03 8:15 p.m.7 views

EUVD-2026-41611

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This issue affects some unknown processing. The manipulation results in session fixiation. The attack can be executed remotely. The attack requires a high level of complexity. The...

6.3CVSS5.7AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55582

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description An authorization bypass exists in the POST Handler component. Remote exploitation is possible by manipulating the ID variable within the...

5.3CVSS6AI score0.00223EPSS
Exploits0References10
Krebs on Security
Krebs on Security
added 2026/07/02 7:27 p.m.14 views

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation FBI said today it worked with industry partners to seize hundreds of domains associated with NetNut , a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum TechnologiesNASDAQ: ALAR. The action comes roughly two weeks after...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 5:25 a.m.10 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.0.2 (tpu)

Red Hat AI Base Images 3.0.2 tpu is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 5:23 a.m.11 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.2.2 (TPU)

Red Hat AI Base Images 3.2.2 TPU is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 5:20 a.m.7 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.3.2 (CUDA 12.9)

Red Hat AI Base Images 3.3.2 CUDA 12.9 is now available. Red Hat® AI Base Images...

8CVSS7.2AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 8:16 a.m.6 views

CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS0.00257EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 7:53 a.m.15 views

CVE-2026-12408

The CVE-2026-12408 entry concerns the WordPress plugin Slim SEO (versions up to and including 4.9.8). The vulnerability arises from the REST endpoint /wp-json/slim-seo/meta-tags/ai: the permission_callback only checks a top-level edit_posts capability and does not verify that the requester can re...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40838

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0022EPSS
Exploits0References3
Rows per page
Query Builder