CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2025/09/19 12:0 a.m.•1 views

Ashlar-Vellum Cobalt Memory Corruption Vulnerability

Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. A memory corruption vulnerability exists in Ashlar-Vellum Coba...

7.8CVSS7.5AI score0.00189EPSS

CNVD•added 2025/09/19 12:0 a.m.•2 views

Ashlar-Vellum Cobalt Out-of-Bounds Read Vulnerability (CNVD-2025-22916)

7.8CVSS7.4AI score0.00189EPSS

CNVD•added 2025/09/19 12:0 a.m.•1 views

Ashlar-Vellum Cobalt Out-of-Bounds Read Vulnerability (CNVD-2025-22913)

7.8CVSS7.4AI score0.00189EPSS

CNNVD•added 2025/09/17 12:0 a.m.•3 views

Ashlar-Vellum Cobalt 安全漏洞

Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. A type confusion vulnerability exists in Ashlar-Vellum Cobalt,...

7.8CVSS7.3AI score0.00189EPSS

Packet Storm News•added 2025/09/16 12:0 a.m.•6 views

Bridging Threat Models and Detections: Formal Verification Via CADP

Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition syste...

Packet Storm News•added 2025/08/28 12:0 a.m.•3 views

AegisShield: Democratizing Cyber Threat Modeling with Generative AI

The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative AI enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to...

6.5AI score

Packet Storm News•added 2025/08/24 12:0 a.m.•3 views

Rethinking Denial-Of-Service: a Conditional Taxonomy Unifying Availability and Sustainability Threats

This paper proposes a unified, condition-based framework for classifying both legacy and cloud-era denial-of-service DoS attacks. The framework comprises three interrelated models: a formal conditional tree taxonomy, a hierarchical lattice structure based on order theory, and a conceptual Venn...

Wallarm Lab•added 2025/08/21 11:0 a.m.•9 views

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models LLMs and Multi-Component Protocols MCP - bring immense potential, but also novel vulnerabilities that traditional...

9.6AI score

Packet Storm News•added 2025/08/19 12:0 a.m.•2 views

KillChainGraph: ML Framework for Predicting and Mapping ATT&CK Techniques

The escalating complexity and volume of cyberattacks demand proactive detection strategies that go beyond traditional rule-based systems. This paper presents a phase-aware, multi-model machine learning framework that emulates adversarial behavior across the seven phases of the Cyber Kill Chain...

6.8AI score

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•4 views

Malicious code in system-modeling (npm)

The package system-modeling was found to contain malicious code...

7AI score

OSV•added 2025/08/14 6:52 p.m.•3 views

MAL-2025-34350 Malicious code in system-modeling (npm)

The package system-modeling was found to contain malicious code...

7.2AI score

Packet Storm News•added 2025/08/14 12:0 a.m.•2 views

Yet Another Mirage of Breaking MIRAGE: Debunking Occupancy-Based Side-Channel Attacks on Fully Associative Randomized Caches

Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache. In this paper, we examine these claims and find that they arise from fundamental modeling flaws. Most critically, the authors' simulation of MIRAGE uses a...

CNNVD•added 2025/08/12 12:0 a.m.•2 views

Adobe Substance3D Modeler 缓冲区错误漏洞

Adobe Substance3D Modeler is the core tool in the Adobe Substance 3D series of software, designed for 3D modeling, supporting digital clay sculpting, symmetry tools, automated UV management, and other features for seamless switching across computer VR environments. An out-of-bounds read...

5.5CVSS6.6AI score0.00235EPSS

Packet Storm News•added 2025/08/11 12:0 a.m.•2 views

Securing Agentic AI: Threat Modeling and Risk Analysis for Network Monitoring Agentic AI System

When combining Large Language Models LLMs with autonomous agents, used in network monitoring and decision-making systems, this will create serious security issues. In this research, the MAESTRO framework consisting of the seven layers threat modeling architecture in the system was used to expose,...

7AI score

Packet Storm News•added 2025/08/06 12:0 a.m.•4 views

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

7.1AI score

Packet Storm News•added 2025/08/03 12:0 a.m.•2 views

Generative AI-Empowered Secure Communications in Space-Air-Ground Integrated Networks: a Survey and Tutorial

Space-air-ground integrated networks SAGINs face unprecedented security challenges due to their inherent characteristics, such as multidimensional heterogeneity and dynamic topologies. These characteristics fundamentally undermine conventional security methods and traditional artificial...

7AI score

Packet Storm News•added 2025/08/03 12:0 a.m.•3 views

Proactive Disentangled Modeling of Trigger-Object Pairings for Backdoor Defense

Deep neural networks DNNs and generative AI GenAI are increasingly vulnerable to backdoor attacks, where adversaries embed triggers into inputs to cause models to misclassify or misinterpret target labels. Beyond traditional single-trigger scenarios, attackers may inject multiple triggers across...