Lucene search
K

2030 matches found

Packet Storm News
Packet Storm News
added 2026/05/26 12:0 a.m.14 views

Disentangling Adversarial Prompts: A Semantic-Graph Defense for Robust LLM Security

Large Language Models LLMs are increasingly vulnerable to adversarial prompts that exploit semantic ambiguities to bypass safety mechanisms, resulting in harmful or inappropriate outputs. Such attacks, including jailbreaking and prompt injection, pose significant risks to the integrity and...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 3:34 p.m.21 views

Malicious code in hiura-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...

5.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/21 8:22 a.m.10 views

Android App "RoboForm Password Manager" insufficient validation of Android intents

Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References5
NVD
NVD
added 2026/05/20 11:16 p.m.14 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS0.00132EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 10:54 p.m.22 views

CVE-2026-47782

Technical details about CVE-2026-47782 are not publicly provided in the supplied documents; monitor for updates.

4.6CVSS5.8AI score0.00132EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.42 views

Exploiting LLM Agent Supply Chains Via Payload-Less Skills

Autonomous agents powered by Large Language Models LLMs acquire external functionalities through third-party skills available in open marketplaces. Adopting these integrations broadens the potential attack surface, prompting a need for systematic security evaluation. Current auditing mechanisms a...

5.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.10 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44794 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44794 Source advisory: OSV:GHSA-WPXJ-44W3-2J6X...

5.4CVSS5.8AI score0.00177EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 3:31 p.m.15 views

EUVD-2026-28579

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 2:16 p.m.9 views

CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 2:16 p.m.5 views

UBUNTU-CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.10 views

CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 1:11 p.m.24 views

CVE-2026-43309

The CVE-2026-43309 issue affects the Linux kernel’s md raid and device-mapper (dm-raid) components. When stopping a RAID array managed by dm-raid, the system could hang because md_stop() attempted to flush the write-intent bitmap to metadata sub-devices that were already suspended. The fix preven...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38951

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A system hang can occur when stopping a RAID array using the device-mapper's dm-raid target. This happens when a dm-raid managed device tree is suspended from top to bottom and the...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References16
Patchstack
Patchstack
added 2026/05/04 5:34 p.m.7 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability

Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability discovered by Kittipat Jitphonchana in WordPress Plugin Forminator versions = 1.52.0...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/30 10:16 a.m.5 views

CVE-2026-6498

The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the validpayment function using a PHP loose comparison == between the attacker-controlled paymentid POST parameter and the...

5.3CVSS0.00185EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36086

Name of the Vulnerable Software and Affected Versions Five Star Restaurant Reservations versions prior to 2.7.17 Description A payment bypass exists due to PHP type juggling, which occurs when a loose comparison is used between different data types, potentially leading to unexpected true results...

5.3CVSS5.4AI score0.00185EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.2 views

CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

5.3CVSS5.7AI score0.00308EPSS
Exploits0References10
CVE
CVE
added 2026/04/28 6:45 a.m.17 views

CVE-2026-4911

The Booking Package WordPress plugin (versions up to and including 1.7.06) is vulnerable to unauthenticated price manipulation via the amount parameter in PaymentIntent creation. The root cause is that user-controlled $_POST['amount'] is sent to Stripe without validation, and the server-calculate...

5.3CVSS5.7AI score0.00308EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.8 views

Jailbreaking Frontier Foundation Models through Intention Deception

Large vision-language models exhibit remarkable capability but remain highly susceptible to jailbreaking. Existing safety training approaches aim to have the model learn a refusal boundary between safe and unsafe, based on the user's intent. It has been found that this binary training regime ofte...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.7 views

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

5.7AI score
Exploits0
Rows per page
Query Builder