192001 matches found
PT-2026-45801
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...
FlowGuard: Flow Matching for Identity-Independent Detection of Data-Free Model Stealing Attacks on Energy System Intrusion Detection Systems
Artificial Intelligence AI-based Intrusion Detection Systems IDS deployed in energy infrastructure are vulnerable to model theft attacks, which allow adversaries to create evasive traffic offline. Current defences against model extraction rely either on identity-bound query monitoring, which is...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from improper implementations in the Password Manager. Remote attackers could exploit this vulnerability through specially crafte...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebML after its release, which could allow remote attackers to execute arbitrary code within a sandb...
Dräger Infinity Acute Care System和Dräger Standalone Infinity M540 patient monitor 数据伪造问题漏洞
The Dräger Infinity Acute Care System and the Dräger Standalone Infinity M540 patient monitor are both products of the German company Dräger. The Dräger Infinity Acute Care System is an emergency monitoring platform that integrates patient monitoring, clinical workstations, and medical informatio...
PT-2026-45810
Name of the Vulnerable Software and Affected Versions Dräger Infinity M300 versions prior to VG2.3.2 Description A network-based denial of service issue exists that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. This...
PT-2026-45886
Name of the Vulnerable Software and Affected Versions johnhuang316 code-index-mcp versions prior to 2.14.1 Description A weakness exists in the is safe regex pattern function within the search code advanced component. A remote attacker can manipulate the regex argument to cause inefficient regula...
Operationalizing Cyber Attack Prediction: A Gap-Prioritized Framework with Dataset and Model Selection Guidelines
While AI and machine learning for cyber attack prediction have advanced, a critical gap persists between theoretical research and practical operational deployment. Building on Ankalaki et al. 2025, this paper provides a comprehensive analysis of 150+ benchmark datasets and 200+ studies to identif...
From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents
Memory is a core component of AI agents, enabling them to accumulate knowledge across interactions and improve performance. However, persistent memory introduces the risk of memory poisoning, where a single adversarial memory write can exert long-term influence over agent behavior. We present a...
Domain-Conditioned Safety in Frontier Computer-Using Agents: A 793-Episode Browser Benchmark, a Coding-Domain Cross-Reference, and a Reproducibility Audit of Recent Red-Teaming
Recent computer-using-agent CUA red-teaming papers report prompt-injection attack success rates ASR of 42-98%, but these headline numbers cluster on retired models and on the most-vulnerable model in each paper's panel. We ask whether those techniques, reproduced as hand-crafted templates, still...
PT-2026-46693
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in SVG allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across different origins, by usin...
PT-2026-46521
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient data validation in the Animation component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...
PT-2026-46527
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read exists in the Media component. This allows an attacker located on the local network segment to perform an out of bounds memory read by sending malicious network...
PT-2026-46410
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out-of-bounds read and write issue exists in the ANGLE graphics engine. This flaw allows a remote attacker to potentially perform a sandbox escape and execute code on the operating...
PT-2026-46758
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in TabGroups allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via malicious...
PT-2026-46718
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds memory access issue exists in ANGLE, a compatibility layer between OpenGL ES and native graphics APIs. This flaw allows a remote attacker to potentially perform out of...
Amazon Kiro IDE 安全漏洞
Amazon Kiro IDE is an integrated development environment developed based on AI specifications by Amazon, Inc. Versions of Amazon Kiro IDE prior to 0.11 contained a security vulnerability. This vulnerability stemmed from insufficient access control restrictions in the file writing tool, allowing...
WordPress plugin rognone 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-45834
Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.14.1 Description When using Framework Mode, a combination of steps could allow unauthorized remote code execution RCE through external requests. This occurs because the vendored turbo-stream v2 can be abus...
SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2133-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2133-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.37 fixes various security issues The following security issues were fixed: -...