Lucene search
K

341 matches found

Packet Storm News
Packet Storm News
added 2026/06/12 12:0 a.m.5 views

FreeType Experimental TrueType Glyph Construction

This Python code outlines an experimental framework for constructing synthetic TrueType font structures intended for studying parser behavior, glyph-processing logic, and edge-case handling within font-rendering pipelines...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

5.4AI score0.00457EPSS
Exploits0References6Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.8 views

Exploiting Logic Asymmetry in Modern Web Application Firewalls

This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate 40/40 test cases, confirming the critical severity of this...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.7 views

CVE-2025-15625

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...

9.8CVSS6.1AI score0.0042EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.6 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A runtime power management PM reference count leak exists in the ov5647 I2C driver. Specifically, three control cases—AUTOGAIN, EXPOSURE AUTO, and ANALOGUE GAIN—return directly without...

9.8CVSS5.9AI score0.005EPSS
Exploits1References286
Packet Storm News
Packet Storm News
added 2026/05/20 12:0 a.m.8 views

Backchaining Loss of Control Mitigations from Mission-Specific Benchmarks in National Security

Affordances and permissions are promising and timely safety levers for mitigating Loss of Control LoC threats in high-stakes deployment contexts, such as national security. Deployers in defense and intelligence could rely on several approaches to identify which affordances and permissions should ...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.9 views

Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw

Agentic language-model systems increasingly rely on mutable execution contexts, including files, memory, tools, skills, and auxiliary artifacts, creating security risks beyond explicit user prompts. This paper presents DeepTrap, an automated framework for discovering contextual vulnerabilities in...

6AI score
Exploits0
EUVD
EUVD
added 2026/05/12 3:31 p.m.10 views

EUVD-2026-29484

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.8AI score0.00291EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.8 views

SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.7 views

LITMUS: Benchmarking Behavioral Jailbreaks of LLM Agents in Real OS Environments

The rapid proliferation of LLM-based autonomous agents in real operating system environments introduces a new category of safety risk beyond content safety: behavior jailbreak, where an adversary induces an agent to execute dangerous OS-level operations with irreversible consequences. Existing...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/22 9:25 p.m.7 views

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

5.8AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012999 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properl...

5.6AI score0.00171EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011139)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011139 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properl...

5.6AI score0.00171EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/04/20 11:30 a.m.5 views

Why Most AI Deployments Stall After the Demo

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/10 7:20 p.m.7 views

justhtml includes multiple security fixes

Summary justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases. These issues have different impact levels and do not all affect the default configuration in the same way...

5.9AI score
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.15 views

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/08 9:0 p.m.1 views

Improper Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a...

8.3CVSS5.8AI score0.00469EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.4 views

A Systematic Security Evaluation of OpenClaw and Its Variants

Tool-augmented AI agents substantially extend the practical capabilities of large language models, but they also introduce security risks that cannot be identified through model-only evaluation. In this paper, we present a systematic security assessment of six representative OpenClaw-series agent...

6AI score
Exploits0
Rows per page
Query Builder