Lucene search
K

1662 matches found

RedHat Linux
RedHat Linux
added 13 hours ago7 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.0.2 (tpu)

Red Hat AI Base Images 3.0.2 tpu is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.00275EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 13 hours ago9 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.2.2 (TPU)

Red Hat AI Base Images 3.2.2 TPU is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.00275EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS0.00257EPSS
Exploits0References8
CVE
CVE
added yesterday9 views

CVE-2026-12408

The CVE-2026-12408 entry concerns the WordPress plugin Slim SEO (versions up to and including 4.9.8). The vulnerability arises from the REST endpoint /wp-json/slim-seo/meta-tags/ai: the permission_callback only checks a top-level edit_posts capability and does not verify that the requester can re...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
EUVD
EUVD
added yesterday4 views

EUVD-2026-40838

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0017EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2 days ago49 views

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepte...

5.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2 days ago4 views

AI Agents Are Visiting Your Website. Which Ones Should You Trust?

The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked a website, and consumed the content directly from the source. But AI is changing that model. Increasingly, users ask AI assistants for answers instead...

5.9AI score
Exploits0
NVD
NVD
added 3 days ago12 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS0.00255EPSS
Exploits0References1
The Hacker News
The Hacker News
added 3 days ago9 views

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence AI tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities...

8.8CVSS5.8AI score0.0036EPSS
Exploits0
CVE
CVE
added 3 days ago14 views

CVE-2026-13437

CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2025-32394

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the...

5.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2025-32394

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39791

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:29 p.m.7 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.5 (CUDA)

Red Hat AI Inference Server Model Optimization Tools 3.3.5 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...

9.1CVSS6.9AI score0.0068EPSS
Exploits4References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.6 views

Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.4 views

MAL-2026-6436 Malicious code in solo-nav (npm)

The solo-nav npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 p.m.9 views

CVE-2026-55583

Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

7.6CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:2 p.m.5 views

CVE-2026-45792

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...

6.9CVSS5.9AI score0.00085EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/23 4:50 p.m.7 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

8.8CVSS5.8AI score0.00237EPSS
Exploits1References6
Filippo.io
Filippo.io
added 2026/06/23 1:0 p.m.12 views

Vulnerability Reports Are Not Special Anymore

A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a present, not an obligation. You can accept it, ignore it, and use it partially or not at all. Except… For years, as lead of the Go Security team at the...

5.9AI score
Exploits0
Rows per page
Query Builder