Lucene search
K

476 matches found

Github Security Blog
Github Security Blog
added 2026/02/10 9:27 p.m.33 views

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Vulnerability Summary The publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References6Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/02/10 4:0 p.m.7 views

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. One of today’s most pressing concerns is the governance of AI and autonomous agents. AI agents are scaling faster than some companies can s...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.5 views

No More, No Less: Least-Privilege Language Models

Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users and requests. This gap exists not because least privilege...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.4 views

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

8.8CVSS6AI score0.00684EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005108)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005108 advisory. In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 mm: memcontrol: fix cgroup...

4.7CVSS6.6AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 10:16 a.m.13 views

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

8.8CVSS6AI score0.00684EPSS
Exploits0References3
NVD
NVD
added 2026/01/26 10:16 a.m.6 views

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

8.8CVSS0.00684EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:6 a.m.3 views

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

8.8CVSS6AI score0.00684EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/26 10:6 a.m.6 views

EUVD-2025-206378

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

8.8CVSS6AI score0.00684EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 10:6 a.m.31 views

CVE-2025-59106 Web Server Running with Root Privileges in dormakaba access manager

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

0.00684EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:6 a.m.18 views

CVE-2025-59106

CVE-2025-59106 concerns the binary that serves the web server for the dormakaba access manager Web UI, which runs with root privileges. The underlying issue is least-privilege violation due to the Web UI binary executing actions with highest privileges, enabling direct command execution at root i...

8.8CVSS6AI score0.00684EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.14 views

PT-2026-4756

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The binary responsible for serving the web server and executing actions initiated from the Web UI operates with root privileges, violating the principle of least privilege. Successful code execution ...

8.8CVSS6.3AI score0.00684EPSS
Exploits0References10
OSV
OSV
added 2026/01/22 3:15 a.m.8 views

UBUNTU-CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

7.5CVSS7.3AI score0.00196EPSS
Exploits0References4
Fedora
Fedora
added 2026/01/20 1:42 a.m.8 views

[SECURITY] Fedora 43 Update: rust-lru-0.16.3-1.fc43

A LRU cache implementation...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/01/20 1:38 a.m.4 views

[SECURITY] Fedora 42 Update: rust-lru-0.16.3-1.fc42

A LRU cache implementation...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.1 views

Stegano 2.1.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/17 7:15 p.m.6 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 8:15 p.m.6 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

4.3CVSS0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 7:14 p.m.4 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

6.3AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/16 7:14 p.m.5 views

EUVD-2026-3113

Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

6.2AI score0.00227EPSS
Exploits0References2
Rows per page
Query Builder