CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/22 12:0 a.m.•5 views

AI Security Research Should Better Incentivize Defense Research

This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...

5.8AI score

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component...

5.8AI score0.00028EPSS

Exploits0References1

Packet Storm News•added 2026/05/11 12:0 a.m.•14 views

Under the Hood of SKILL.Md: Semantic Supply-Chain Attacks on AI Agent Skill Registry

Autonomous AI agents increasingly extend their capabilities through Agent Skills: modular filesystem packages whose SKILL.md files describe when and how agents should use them. While this design enables scalable, on-demand capability expansion, it also introduces a semantic supply-chain risk in...

5.7AI score

The Hacker News•added 2026/04/16 10:30 a.m.•5 views

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical breakdown in the Security Intelligen...

6AI score

OSV•added 2026/03/25 5:5 a.m.•1 views

MAL-2026-2170 Malicious code in fairness-bias (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c76439565a70fd014098388baf5dd9a679f90be992102ba689fc0b7d6d3db352 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/25 5:5 a.m.•4 views

Malicious code in fairness-bias (PyPI)

6AI score

Exploits0References1

OSV•added 2026/03/23 6:30 a.m.•3 views

GHSA-5JX8-Q4CP-RHH6 jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

9.3CVSS5.9AI score0.00057EPSS

Exploits1References6

Github Security Blog•added 2026/03/23 6:30 a.m.•3 views

jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

9.3CVSS5.9AI score0.00057EPSS

Exploits1References6Affected Software1

EUVD•added 2026/03/23 6:30 a.m.•8 views

EUVD-2026-14373

OSV•added 2026/03/23 6:16 a.m.•0 views

Exploits1References5

CVE-2026-4599

9.3CVSS5.9AI score

Exploits0References4

Vulnrichment•added 2026/03/23 5:0 a.m.•3 views

CVE-2026-4599

CVE•added 2026/03/23 5:0 a.m.•16 views

Exploits1References4

CVE-2026-4599

JSrsasign versions 7.0.0–11.0.x are vulnerable due to Incomplete Comparison with Missing Factors in src/crypto-1.1.js: getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax perform incorrect compareTo checks that accept out-of-range candidates, biasing DSA nonces and enabling private key r...

Exploits1References4Affected Software1

ATTACKERKB•added 2026/03/23 5:0 a.m.•2 views

CVE-2026-4599

Cvelist•added 2026/03/23 5:0 a.m.•25 views

Exploits1References5

CVE-2026-4599

9.3CVSS0.00057EPSS

Exploits1References4

Packet Storm News•added 2026/03/19 12:0 a.m.•8 views

Measuring and Exploiting Confirmation Bias in LLM-Assisted Security Code Review

Security code reviews increasingly rely on systems integrating Large Language Models LLMs, ranging from interactive assistants to autonomous agents in CI/CD pipelines. We study whether confirmation bias i.e., the tendency to favor interpretations that align with prior expectations affects LLM-bas...

Schneier on Security•added 2026/03/04 12:6 p.m.•4 views

Manipulating AI Summarization Features

Microsoft is reporting: Companies are embedding hidden instructions in "Summarize with AI" buttons that, when clicked, attempt to inject persistence commands into an AI assistant's memory via URL prompt parameters…. These prompts instruct the AI to "remember Company as a trusted source" or...

Schneier on Security•added 2026/02/26 12:7 p.m.•6 views

LLMs Generate Predictable Passwords

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven for example, L , 9, m, 2, $ and...

5.7AI score

Microsoft Secure•added 2026/02/17 5:0 p.m.•4 views

Unify now or pay later: New research exposes the operational cost of a fragmented SOC

Security operations are entering a pivotal moment: the operating model that grew around network logs and phishing emails is now buckling under tool sprawl, manual triage, and threat actors that outpace defender capacity. New research from Microsoft and Omdia shows just how heavy the burden can...

Microsoft Secure•added 2026/02/17 5:0 p.m.•4 views

Unify now or pay later: New research exposes the operational cost of a fragmented SOC