Lucene search
K

472 matches found

Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.12 views

Set Shaping Theory As a Complementary Payload-Shaping Layer for Steganography

This paper studies the use of Set Shaping Theory SST as a reversible payload-shaping layer for least significant bit LSB image steganography. The proposal is not intended to replace existing steganographic methods or to compete with them as a new embedding scheme. Instead, SST is positioned as a...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.9 views

Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/15 9:31 p.m.8 views

GHSA-P26V-FX3X-R2RP Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.39 views

CVE-2026-45007 phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

5.3CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.9 views

CVE-2026-45007

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.8 views

PT-2026-41354

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATION EDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/05/12 9:21 a.m.11 views

1 in 8 employees have sold company logins or know someone who has

UK anti-fraud non-profit Cifas just published research that should bother anyone who runs a business, or buys from one: One in eight workers at large enterprises have either sold their company login credentials or know someone who did. The internet is awash with compromised credentials that...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.10 views

MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/08 5:13 p.m.12 views

EUVD-2026-27131

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 5:13 p.m.16 views

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.8 views

SkillScope: Toward Fine-Grained Least-Privilege Enforcement for Agent Skills

Agent Skills have become a practical way to extend LLM agents by packaging metadata, natural-language instructions, and executable resources into reusable capability bundles. However, this growing Skill ecosystem introduces a new compliance risk: a Skill may perform high-impact actions that excee...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/06 8:54 p.m.25 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin for .NET (Zipkin exporter) has an unbounded remote endpoint cache in versions up to 1.15.2, where keys derived from span attributes can grow without bound in high-cardinality scenarios, leading to memory growth and degraded availability. The issue is addressed in ver...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:54 p.m.6 views

CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:54 p.m.5 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.15 views

SUSE CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

7.5CVSS5.8AI score0.00563EPSS
Exploits0References27
NVD
NVD
added 2026/05/04 8:16 p.m.20 views

CVE-2026-7768

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:48 p.m.8 views

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 4:48 p.m.45 views

CVE-2026-42810

CVE-2026-42810 affects Apache Polaris. The issue arises because Polaris accepts literal ‘’ characters in namespace and table names, and these unescaped characters are reused in temporary S3 access policies for delegated table access. In S3 IAM policy matching, ‘ ’ is treated as a wildcard, allowi...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 4:48 p.m.9 views

EUVD-2026-27035

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:48 p.m.2 views

CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2
Rows per page
Query Builder