Lucene search
K

796 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/20 11:8 p.m.5 views

CVE-2026-41301

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33868

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.6 views

SoK: Reshaping Research on Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS have been studied for decades. Hundreds of papers have, e.g., proposed ways to enhance, harden or bypass NIDS. However, the findings of prior literature are hardly reflected in real-world operational contexts. Such a disconnection is problematic for resear...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/16 10:47 p.m.5 views

Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/16 10:47 p.m.8 views

GHSA-XFQJ-R5QW-8G4J Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...

8.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/04/16 9:28 p.m.3 views

GHSA-QQX8-2XMM-JRV8 ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

8.8CVSS6.5AI score0.0034EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.4 views

Understanding Student Experiences with TLS Client Authentication

Mutual TLS mTLS provides strong, certificate-based authentication for both clients and servers, yet its adoption for user-facing websites remains rare. This paper presents a longitudinal study of mTLS usability, tracking 46 senior and graduate computer science students who configured client...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.6 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

5.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/04/11 9:30 a.m.6 views

How the Internet Broke Everyone’s Bullshit Detectors

From AI-generated images to restricted satellite data, the systems used to verify what’s real online are struggling to keep up...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/06 5:52 p.m.3 views

EUVD-2026-19289

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/06 4:9 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 3:17 p.m.4 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS0.00274EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 3:17 p.m.1 views

DEBIAN-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.3AI score0.00274EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 3:17 p.m.2 views

UBUNTU-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References3
CVE
CVE
added 2026/04/06 2:55 p.m.33 views

CVE-2026-33540

CVE-2026-33540 affects the Distribution toolkit. In prior releases (before 3.1.0) and in pull-through cache mode, it parses WWW-Authenticate challenges to discover token auth endpoints, taking the realm URL from a bearer challenge without validating it against the upstream host. An attacker-contr...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
Malwarebytes
Malwarebytes
added 2026/04/03 2:37 p.m.8 views

Blocking children from social media is a badly executed good idea

While we can probably all agree that there is more than enough proof that social media is bad for the mental health of our children, the methods we are trying to block or ban them seem to do more harm than good. Across the world, lawmakers are tripping over each other to be seen “doing something”...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/02 7:8 p.m.176 views

zixem_challenges

No d...

5.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/03/26 10:0 a.m.26 views

Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound

From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2025-208717

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

9.8CVSS5.8AI score0.0038EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 11:54 a.m.2 views

CVE-2025-69246 Lack of bruteforce protection in Raytha CMS

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

6.9CVSS5.8AI score0.0038EPSS
Exploits0References2
Rows per page
Query Builder