
27013 matches found

Packet Storm News
added 2026/04/01 12:00 a.m. | 1 view

Secure Network Function Computation for General Target and Security Functions

Secure network function computation is a critical research direction in network coding, which aims to ensure that the target function is correctly computed at the sink node while preventing the wiretapper from obtaining any information about the security function. In this paper, we focus on the...

AI score: 6 | Exploits: 0
Positive Technologies
added 2026/04/01 12:00 a.m. | 5 views

PT-2026-29811

Summary: A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00514
Exploits: 1 | References: 5
Positive Technologies
added 2026/04/01 12:00 a.m. | 5 views

PT-2026-29623

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00118
Exploits: 0 | References: 3
CNNVD
added 2026/04/01 12:00 a.m. | 6 views

Cisco Integrated Management Controller Command Injection Vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco, Inc., used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00929
Exploits: 0 | References: 1
OSV
added 2026/03/31 11:43 p.m. | 3 views

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary: The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module (Mersenne Twister) for steganographic pixel/sample selection. Affected Code: python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

CVSS: 8.7 | AI score: 5.9
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/31 11:43 p.m. | 7 views

openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary: The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module (Mersenne Twister) for steganographic pixel/sample selection. Affected Code: python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

AI score: 5.9
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/03/31 12:31 p.m. | 3 views

EUVD-2026-17371

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.01973
Exploits: 0 | References: 4
CVE
added 2026/03/31 11:17 a.m. | 13 views

CVE-2026-32917

OpenClaw prior to 2026.3.13 is affected by a remote command injection vulnerability in the iMessage attachment staging flow. The issue arises because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, allowing arbi...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.01973
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/31 11:17 a.m. | 1 view

CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.01973
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/31 10:04 a.m. | 3 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

AI score: 5.9 | EPSS: 0.00328
Exploits: 0 | References: 2
Wiz blog
added 2026/03/31 8:26 a.m. | 5 views

Axios NPM Distribution Compromised in Supply Chain Attack

A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...

AI score: 5.9 | Exploits: 0
Microsoft CVE
added 2026/03/31 8:01 a.m. | 2 views

Libssh: improper sanitation of paths received from scp servers

...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00408
Exploits: 0
Fedora
added 2026/03/31 1:09 a.m. | 5 views

[SECURITY] Fedora 42 Update: nss-3.121.0-1.fc42

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

AI score: 5.9 | Exploits: 0
HackRead
added 2026/03/31 12:41 a.m. | 3 views

AI Agents Are Democratizing Finance but Also Redefining Risk

AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control...

AI score: 6.1 | Exploits: 0
Fedora
added 2026/03/31 12:27 a.m. | 8 views

[SECURITY] Fedora 44 Update: nss-3.121.0-1.fc44

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

AI score: 5.9 | Exploits: 0
Github Security Blog
added 2026/03/30 5:20 p.m. | 5 views

Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary: A Cross-site Scripting (XSS) vulnerability exists in the `{% attrs %}` template tag of the slippers Django package. When a context variable containing untrusted data is passed to `{% attrs %}`, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00227
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/03/30 12:32 p.m. | 3 views

EUVD-2018-21724

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00206
Exploits: 1 | References: 5
CVE
added 2026/03/30 11:02 a.m. | 14 views

CVE-2018-25233

Affected software: WebDrive 18.00.5057. Vulnerability: Denial of Service via Secure WebDAV. A local attacker can crash the application by sending an excessively long string in the username field during Secure WebDAV connection setup, with a described 5000-byte buffer-overflow payload in the usern...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00206
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/30 11:02 a.m. | 7 views

CVE-2018-25233 WebDrive 18.00.5057 Denial of Service via Secure WebDAV

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00206
Exploits: 1 | References: 4
Cvelist
added 2026/03/30 11:02 a.m. | 22 views

CVE-2018-25233 WebDrive 18.00.5057 Denial of Service via Secure WebDAV

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username...

CVSS: 6.9 | EPSS: 0.00206
Exploits: 1 | References: 4