Lucene search
+L

979 matches found

OSV
OSV
added 2026/07/03 9:16 p.m.6 views

DEBIAN-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS6.6AI score0.00397EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/07/03 8:36 p.m.9 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1
EUVD
EUVD
added 2026/07/03 8:36 p.m.9 views

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00397EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55585

Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/25 8:1 a.m.31 views

CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

5.5CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 8:1 a.m.14 views

CVE-2026-46751

CVE-2026-46751 affects Apache Kvrocks (2.2.0–2.15.0). The root cause is that Kvrocks does not remove the unsafe loadstring function from its Lua sandbox, enabling a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of...

5.5CVSS5.8AI score0.00324EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 p.m.21 views

Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score
Exploits0References10
OSV
OSV
added 2026/06/22 7:54 p.m.10 views

MAL-2026-6271 Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score
Exploits0References10
OSV
OSV
added 2026/06/15 4:16 a.m.7 views

DEBIAN-CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

4.8CVSS5.2AI score0.00112EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.11 views

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.8 views

RECON: An LLM-Enhanced Backward Constraint Analysis Framework

While traditional techniques, such as symbolic execution, provide a principled foundation for precise constraint reasoning in program analysis, they struggle to scale to modern software systems mainly due to path explosion, the need for function modeling, and the loss of semantic intent at...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.11 views

The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals

Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.10 views

Joern 4.0.554

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.17 views

Joern 4.0.548

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/22 9:3 p.m.103 views

Reversing-Toolkit

Reversing Toolkit 🔧 3 reverse engineering & binary exploita...

6AI score
Exploits0
OSV
OSV
added 2026/05/22 1:45 p.m.10 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.12 views

Joern 4.0.546

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

9.8CVSS6.9AI score0.02836EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in openjdk-11, bcel

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7.6AI score0.33623EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.11 views

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

5.7CVSS7.2AI score0.00202EPSS
Exploits0References9
Rows per page
Query Builder