947 matches found

NVD
added 2026/05/14 8:17 p.m. | 16 views

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

CVSS 7.2 | EPSS 0.0039
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/14 7:37 p.m. | 9 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

CVSS 7.2 | AI score 6.2 | EPSS 0.0039
Exploits: 0 | References: 4
CVE
added 2026/05/14 7:37 p.m. | 18 views

CVE-2026-8597

CVE-2026-8597 : Missing integrity verification in the Triton inference handler of the Amazon SageMaker Python SDK (v2 before 2.257.2; v3 before 3.8.0) may allow a remote authenticated actor with S3 write access to replace model artifacts in S3 with a crafted pickle payload, enabling code executio...

CVSS 7.2 | AI score 6.2 | EPSS 0.0039
Exploits: 0 | References: 4
RedHat Linux
added 2026/05/14 7:13 a.m. | 15 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.8-1.hum1 (aarch64, x86_64), aspnetcore-runtime-dbg-10.0-10.0.8-1.hum1 (aarch64, x86_64), aspnetcore-targeting-pack-10.0-10.0.8-1.hum1 (aarch64, x86_64)...

CVSS 7.5 | AI score 5.8 | EPSS 0.0243
Exploits: 0 | References: 3
CNNVD
added 2026/05/14 12:0 a.m. | 9 views

Amazon SageMaker Python SDK Security Vulnerability

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

CVSS 7.2 | AI score 6 | EPSS 0.0039
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/14 12:0 a.m. | 18 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions: Amazon SageMaker Python SDK versions prior to 2.257.2; Amazon SageMaker Python SDK versions prior to 3.8.0. Description: Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

CVSS 7.2 | AI score 6.2 | EPSS 0.0039
Exploits: 0 | References: 10
Packet Storm News
added 2026/05/14 12:0 a.m. | 26 views

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code understanding, but reliable detection still requires grounding ...

AI score 5.9
Exploits: 0
Microsoft CVE
added 2026/05/13 8:1 a.m. | 9 views

jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

...

CVSS 4.4 | AI score 5.8 | EPSS 0.00157
Exploits: 1
Packet Storm News
added 2026/05/12 12:0 a.m. | 9 views

SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...

AI score 5.9
Exploits: 0
CVE
added 2026/05/11 5:24 p.m. | 22 views

CVE-2026-43895

jq versions 1.8.1 and earlier are affected: embedded NUL bytes in import paths at the jq-language level can be resolved differently during module/data-file lookup, creating a mismatch between the logical import string and the on-disk path opened. This mismatch can enable a local redaction-policy ...

CVSS 4.4 | AI score 5.9 | EPSS 0.00157
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/11 5:24 p.m. | 47 views

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVSS 4.4 | EPSS 0.00157
Exploits: 1 | References: 1
Packet Storm News
added 2026/05/08 12:0 a.m. | 12 views

On the Security of Research Artifacts

Research artifacts are widely shared to support reproducibility, and artifact evaluation (AE) has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...

AI score 6
Exploits: 0
vulnersOsv
added 2026/05/07 12:7 a.m. | 8 views

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....

AI score 5.8
Exploits: 0
Packet Storm News
added 2026/05/07 12:0 a.m. | 9 views

Beyond the Wrapper: Identifying Artifact Reliance in Static Malware Classifiers Using TRUSTEE

Modern cybersecurity relies heavily on static machine-learning-based malware classifiers. However, transformations such as packing and other non-semantic modifications applied to executable files limit their reliability. Malware classifiers often learn these unnecessary artifacts rather than the...

AI score 5.8
Exploits: 0
vulnersOsv
added 2026/05/04 5:20 p.m. | 6 views

com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +17 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-keycloak-authorization (>=3.0.0.Alpha1 <=3.20.6)

io.quarkus:quarkus-keycloak-authorization MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more Source cves: CVE-2026-39852 Source advisory: SNYK:JAVA-IOQUARKUS-16420251...

CVSS 8.8 | AI score 5.8 | EPSS 0.00432
Exploits: 0
Packet Storm News
added 2026/05/03 12:0 a.m. | 6 views

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security (TLS) requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

AI score 5.8
Exploits: 0
NVD
added 2026/04/27 10:16 p.m. | 6 views

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5 | EPSS 0.00344
Exploits: 1 | References: 6
CVE
added 2026/04/27 10:0 p.m. | 11 views

CVE-2026-7178

ChatGPTNextWeb NextChat (up to version 2.16.1) contains a vulnerability in the Artifacts Endpoint: the storeUrl function in app/api/artifacts/route.ts can be manipulated via the argument ID to trigger server-side request forgery. This flaw is exploitable remotely over the network; exploitation ap...

CVSS 7.5 | AI score 7.1 | EPSS 0.00344
Exploits: 1 | References: 6 | Affected Software: 1
ATTACKERKB
added 2026/04/27 10:0 p.m. | 3 views

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5 | AI score 5.1 | EPSS 0.00344
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2026/04/27 10:0 p.m. | 5 views

EUVD-2026-25931

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.00344
Exploits: 1 | References: 6