27014 matches found

CNNVD
added 2026/03/25 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient restrictions on the use of the xen/privcmd driver in non-privileged domains, potentially...

CVSS 8.2, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 11

CNNVD
added 2026/03/25 12:0 a.m., 7 views

Kiteworks Secure Data Forms code issue vulnerability

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks, which offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had code vulnerabilities due to lack of validation, which...

CVSS 7.2, AI score 5.9, EPSS 0.00988
Exploits: 0, References: 2

CNNVD
added 2026/03/25 12:0 a.m., 9 views

Kiteworks Secure Data Forms security vulnerability

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 contained security vulnerabilities. These vulnerabilities wer...

CVSS 6.5, AI score 5.8, EPSS 0.00317
Exploits: 0, References: 2

CNNVD
added 2026/03/25 12:0 a.m., 7 views

Multiple Cisco products security vulnerability

Cisco IOS, etc. are products of the American company Cisco. Cisco IOS is an operating system developed for their network devices. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco IOS XE Software is a network operating system. Several Cisco products...

CVSS 8.6, AI score 5.8, EPSS 0.00354
Exploits: 0, References: 1

Positive Technologies
added 2026/03/25 12:0 a.m., 6 views

PT-2026-27789

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the Secure Copy Protocol (SCP) server feature that may allow a local attacker with limited privileges to disrupt service. This is caused by the improper processin...

CVSS 6.5, AI score 5.9, EPSS 0.00093
Exploits: 0, References: 3

Positive Technologies
added 2026/03/25 12:0 a.m., 6 views

PT-2026-28067

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVSS 5.5, AI score 5.8, EPSS 0.00988
Exploits: 0, References: 2

Trend Micro Simply Security
added 2026/03/25 12:0 a.m., 7 views

Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach

Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps...

AI score 5.9
Exploits: 0

EUVD
added 2026/03/24 9:31 p.m., 8 views

EUVD-2026-15025

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 2

Cvelist
added 2026/03/24 8:26 p.m., 22 views

CVE-2026-4433

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8, EPSS 0.00247
Exploits: 0, References: 1

CVE
added 2026/03/24 8:26 p.m., 8 views

CVE-2026-4433

Tenable OT contains an SSH misconfiguration that can allow exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could enable an attacker to gather system details and potentially aid host compromise. Affected item is the SSH configuration; the vulnerab...

CVSS 4.8, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/24 8:26 p.m., 5 views

CVE-2026-4433

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 2, Affected Software: 1

HackRead
added 2026/03/24 7:12 p.m., 1 view

Understanding Wiz’s Approach to Securing the AI Supply Chain

As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which can be addressed by Wiz’s CNAPP solution...

AI score 5.8
Exploits: 0

Xen Project
added 2026/03/24 12:0 p.m., 10 views

Linux privcmd driver can circumvent kernel lockdown

ISSUE DESCRIPTION: The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown (secure boot), e.g. by modifying page tables to enable user mode to modify kernel memory. IMPACT: An administrator of an unprivileged guest booted in secure mode is able to perform actions on the kernel...

CVSS 8.2, AI score 5.8, EPSS 0.00154
Exploits: 0

ICS
added 2026/03/24 6:0 a.m., 11 views

Grassroots DICOM (GDCM)

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of...

CVSS 8.7, AI score 5.7, EPSS 0.00358
Exploits: 0, References: 13

Packet Storm News
added 2026/03/24 12:0 a.m., 3 views

Leveraging Large Language Models for Trustworthiness Assessment of Web Applications

The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem as existing techniques primarily focus on detecting known...

AI score 5.9
Exploits: 0

Tenable Nessus
added 2026/03/24 12:0 a.m., 4 views

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2026:0972-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0972-1 advisory. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption...

CVSS 9.9, AI score 7.1, EPSS 0.16496
Exploits: 0, References: 16

NVD
added 2026/03/23 8:16 p.m., 8 views

CVE-2026-32879

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, EPSS 0.00289
Exploits: 0, References: 1

Github Security Blog
added 2026/03/23 7:56 p.m., 15 views

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...

CVSS 4.9, AI score 5.7, EPSS 0.00289
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/23 7:56 p.m., 2 views

GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...

CVSS 4.9, AI score 5.7, EPSS 0.00289
Exploits: 0, References: 2

Vulnrichment
added 2026/03/23 7:24 p.m., 3 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 1