192384 matches found

CVE
added 2026/03/12 1:2 a.m. | 13 views

CVE-2026-3970

CVE-2026-3970 affects Tenda i3 1.0.0.6(2204). The vulnerability is in the function formwrlSSIDget of the file /goform/wifiSSIDget, where manipulation of the argument index can trigger a stack-based buffer overflow. It can be exploited remotely, and a working exploit has been published. The provi...

CVSS 9 | AI score 6.4 | EPSS 0.00619
Exploits 1 | References 5 | Affected Software 1
EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11476

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 6 | EPSS 0.00201
Exploits 0 | References 6
Snyk
added 2026/03/12 12:31 a.m. | 5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the Vault Kubernetes Authentication Provider. An attacker can access sensitive files by specifying tokenpath configuration parameter to any file on the Consul server node that later returned as jwt data and sent t...

CVSS 7.6 | AI score 5.9 | EPSS 0.00475
Exploits 0 | References 2
EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11438

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 3
EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11434

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 3
Packet Storm News
added 2026/03/12 12:0 a.m. | 2 views

Security Considerations for Artificial Intelligence Agents

This article, a lightly adapted version of Perplexity's response to NIST/CAISI Request for Information 2025-0035, details our observations and recommendations concerning the security of frontier AI agents. These insights are informed by Perplexity's experience operating general-purpose agentic...

AI score 6
Exploits 0
Packet Storm News
added 2026/03/12 12:0 a.m. | 8 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" (HACCAs), AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

AI score 5.8
Exploits 0
GitLab Advisory Database
added 2026/03/12 12:0 a.m. | 6 views

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

An unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware...

CVSS 9.8 | AI score 5.9 | EPSS 0.00735
Exploits 2 | References 4 | Affected Software 1
Positive Technologies
added 2026/03/12 12:0 a.m. | 3 views

PT-2026-25012

Summary The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...

CVSS 9.6 | AI score 5.9 | EPSS 0.00535
Exploits 1 | References 16
Positive Technologies
added 2026/03/12 12:0 a.m. | 5 views

PT-2026-24935

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.00224
Exploits 0 | References 6
Packet Storm News
added 2026/03/12 12:0 a.m. | 2 views

Automatic Attack Script Generation: A MDA Approach

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/03/12 12:0 a.m. | 5 views

PT-2026-24943

SGLang's replay request dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

AI score 5.9 | EPSS 0.00334
Exploits 0 | References 4
Positive Technologies
added 2026/03/12 12:0 a.m. | 7 views

PT-2026-25004

Name of the Vulnerable Software and Affected Versions projectsend versions prior to r1946 Description A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable...

CVSS 6.3 | AI score 5.6 | EPSS 0.00289
Exploits 0 | References 8
Positive Technologies
added 2026/03/12 12:0 a.m. | 6 views

PT-2026-25002

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user email parameter. Attackers can send POST requests to index.php with malicious payloads in the user email field to...

CVSS 8.8 | AI score 5.9 | EPSS 0.0046
Exploits 1 | References 3
Positive Technologies
added 2026/03/12 12:0 a.m. | 9 views

PT-2026-24917

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is...

CVSS 6.5 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 7
Positive Technologies
added 2026/03/12 12:0 a.m. | 4 views

PT-2026-24963

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...

CVSS 7.1 | AI score 5.9 | EPSS 0.00323
Exploits 0 | References 3
Packet Storm News
added 2026/03/12 12:0 a.m. | 12 views

Agent Privilege Separation in OpenClaw: A Structural Defense against Prompt Injection

Prompt injection remains one of the most practical attack vectors against LLM-integrated applications. We replicate the Microsoft LLMail-Inject benchmark (Greshake et al., 2024) against current generation models running inside OpenClaw, an open source multitool agent platform. Our proposed defense...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/03/12 12:0 a.m. | 3 views

PT-2026-24930

A vulnerability was detected in Tenda W3 1.0.0.32204. This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack...

CVSS 9 | AI score 6.4 | EPSS 0.00619
Exploits 1 | References 11
Tenable Nessus
added 2026/03/12 12:0 a.m. | 2 views

Fedora 44 : libmaxminddb (2026-814fe58971)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814fe58971 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDBgetentrydatalist now validates that the claimed array/map size is...

AI score 6.1
Exploits 0 | References 1
HackRead
added 2026/03/11 11:5 p.m. | 7 views

Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone

Iran-linked Handala hackers claim cyberattacks on Stryker and Verifone. Stryker confirms network disruption while Verifone says no breach evidence found...

AI score 5.8
Exploits 0