Lucene search
K

947 matches found

Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.51 views

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...

9.8CVSS5.9AI score0.48668EPSS
Exploits7
NVD
NVD
added 2026/06/11 9:16 p.m.11 views

CVE-2026-53813

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

7.8CVSS0.00114EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:8 p.m.10 views

CVE-2026-53813 OpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

7.8CVSS5.3AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.11 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 had code vulnerabilities, stemming from path traversal issues during the loading of memory core artifacts. The state of the workspace affected the resolution of local package...

7.8CVSS5.3AI score0.00114EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 5:11 p.m.7 views

Use of Incorrectly-Resolved Name or Reference

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference through several model loading paths. An attacker can make the server load a different Hugging Face...

6.5CVSS5.5AI score0.00146EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.11 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/10 5:11 p.m.10 views

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 9:10 a.m.37 views

CVE-2026-11852

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

0.00199EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 9:10 a.m.7 views

CVE-2026-11852

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

6.5CVSS5.5AI score0.00199EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48396

Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine is an integrated solution used to build, distribute, and maintain Debian-based distributions, where managed files are organized into artifacts. The endpoints responsible for creatin...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48537

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References13
The Hacker News
The Hacker News
added 2026/06/09 9:13 a.m.15 views

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades , this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/08 1:12 p.m.13 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

9.8CVSS6.3AI score0.0068EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS6.8AI score0.00344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.4AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 8:52 a.m.6 views

BIT-MLFLOW-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS6.2AI score0.00345EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/06/04 8:54 p.m.71 views

exploit-labs

exploit-labs Companion code for the Windows-security blog at...

5.9AI score
Exploits0
CVE
CVE
added 2026/06/01 6:57 p.m.26 views

CVE-2026-49135

CVE-2026-49135 affects CodexBar up to version 0.31.x (before 0.32.0). The issue is insecure temporary file handling in the notarization workflow, enabling a local attacker with access to the same host to read the App Store Connect API key written to a fixed path, pre-create files or symlinks to r...

7.2CVSS5.8AI score0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:57 p.m.9 views

CVE-2026-49135

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

7.2CVSS5.8AI score0.00129EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.12 views

MAECO-Lite: Modular Ontology for Dynamic Malware Analysis

Capturing dynamic malware behavior in a practical but still semantically precise manner remains a significant challenge in cyber threat intelligence. While standards such as MAEC and STIX provide widely adopted vocabularies for describing malware artifacts and observations, they represent data wi...

5.9AI score
Exploits0
Rows per page
Query Builder