Lucene search
K

192400 matches found

Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.37 views

The Attack and Defense Landscape of Agentic AI: A Comprehensive Survey

AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24824

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.2 views

D-SLAMSpoof: An Environment-Agnostic LiDAR Spoofing Attack Using Dynamic Point Cloud Injection

In this work, we introduce Dynamic SLAMSpoof D-SLAMSpoof, a novel attack that compromises LiDAR SLAM even in feature-rich environments. The attack leverages LiDAR spoofing, which injects spurious measurements into LiDAR scans through external laser interference. By designing both spatial injectio...

5.8AI score
Exploits0
Redos
Redos
added 2026/03/11 12:0 a.m.6 views

ROS-20260311-73-0004

Vulnerability in mongodb-org related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.1CVSS5.8AI score0.0024EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24668

🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

9.8CVSS7AI score0.00434EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.26 views

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...

0.00218EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24795

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-26127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Note that Nessus relies on the presence of the package...

7.5CVSS6.8AI score0.02049EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24808

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6AI score0.00496EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.25 views

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.5 views

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.2 and 8.6.28 have a SQL injection vulnerability. This vulnerability arises when attackers combine dot notation field...

9.8CVSS5.9AI score0.00408EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24680

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled...

3.3CVSS5.8AI score0.00178EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 12:0 a.m.17 views

CVE-2026-30741

OpenClaw Agent Platform up to v2026.2.6 is affected by a remote code execution (RCE) via a Request-Side prompt injection attack. The root cause is a lack of integrity validation for upstream API requests, which can cause high‑severity command execution in downstream components (e.g., MCP tools) w...

9.8CVSS6.5AI score0.00803EPSS
Exploits2References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS5.7AI score0.00338EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24809

Name of the Vulnerable Software and Affected Versions Himmelblau versions prior to 3.1.0 Himmelblau versions prior to 2.3.8 Description Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The himmelblaud-tasks daemon, running as root, writes Kerberos cache files under...

8.8CVSS6AI score0.00693EPSS
Exploits4References30
Snyk
Snyk
added 2026/03/10 11:57 p.m.9 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF WMV/WMA parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload. Remediation Upgrade...

6.9CVSS5.8AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 11:44 p.m.3 views

Symlink Attack

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...

8.2CVSS6.3AI score0.00253EPSS
Exploits4References2
Snyk
Snyk
added 2026/03/10 11:44 p.m.1 views

Symlink Attack

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...

8.2CVSS6.3AI score0.00253EPSS
Exploits4References2
NVD
NVD
added 2026/03/10 11:16 p.m.4 views

CVE-2025-22850

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS0.00083EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 10:49 p.m.9 views

CVE-2025-22444

CVE-2025-22444 affects the UEFI PdaSmm module on certain Intel reference platforms. The flaw is described as Exposure of resource to wrong sphere, enabling information disclosure. A system software adversary with privileged user access and a high-complexity, local attack could potentially cause d...

5.6CVSS5.7AI score0.00103EPSS
Exploits0References1
Rows per page
Query Builder