266 matches found

Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31793

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

CVSS 7 | AI score 5.9 | EPSS 0.00165
Exploits 0 | References 4
Packet Storm News
added 2026/04/06 12:0 a.m. | 15 views

A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...

AI score 6.1
Exploits 0
OSSF Malicious Packages
added 2026/03/18 5:7 p.m. | 8 views

Malicious code in chai-as-constrained (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5f87c9fffb9b32d6390a3922c9a8bfc616a693910c9a8d7599cfa8ef11c9e9 The package chai-as-constrained was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits 0 | References 1
Snyk
added 2026/03/18 5:7 p.m. | 2 views

Malicious Package

Overview: chai-as-constrained is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 2
OSV
added 2026/03/18 5:7 p.m. | 3 views

MAL-2026-1576 Malicious code in chai-as-constrained (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5f87c9fffb9b32d6390a3922c9a8bfc616a693910c9a8d7599cfa8ef11c9e9 The package chai-as-constrained was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits 0 | References 1
NVD
added 2026/03/11 8:16 p.m. | 13 views

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and...

CVSS 9.8 | EPSS 0.00483
Exploits 1 | References 1
EUVD
added 2026/03/11 7:38 p.m. | 6 views

EUVD-2026-11305

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and...

CVSS 7.5 | AI score 6.2 | EPSS 0.00483
Exploits 1 | References 1
CVE
added 2026/03/11 7:38 p.m. | 15 views

CVE-2026-27703

RIOT OS contains a vulnerability in the default handler for the well_known_core resource (coap_well_known_core_default_handler). In 2026.01 and earlier, it writes user-provided option data and other data into a fixed-size buffer without validating the destination size, enabling an out-of-bounds w...

CVSS 9.8 | AI score 6.2 | EPSS 0.00483
Exploits 1 | References 1 | Affected Software 1
Positive Technologies
added 2026/03/11 12:0 a.m. | 8 views

PT-2026-24801

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option...

CVSS 7.5 | AI score 6.2 | EPSS 0.00483
Exploits 1 | References 3
Packet Storm News
added 2026/03/06 12:0 a.m. | 0 views

Alkaid: Resilience to Edit Errors in Provably Secure Steganography Via Distance-Constrained Encoding

While provably secure steganography provides strong concealment by ensuring stego carriers are indistinguishable from natural samples, such systems remain vulnerable to real-world edit errors (e.g., insertions, deletions, substitutions) because their decoding depends on perfect synchronization and...

AI score 5.8
Exploits 0
Wired Threat Level
added 2026/02/26 8:54 p.m. | 3 views

This AI Agent Is Designed to Not Go Rogue

The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down...

AI score 5.5
Exploits 0
Packet Storm News
added 2026/02/20 12:0 a.m. | 4 views

Influence of Autoencoder Latent Space on Classifying IoT CoAP Attacks

The Internet of Things (IoT) presents a unique cybersecurity challenge due to its vast network of interconnected, resource-constrained devices. These vulnerabilities not only threaten data integrity but also the overall functionality of IoT systems. This study addresses these challenges by explorin...

AI score 6
Exploits 0
OSV
added 2026/02/13 2:16 p.m. | 4 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 1
Positive Technologies
added 2026/02/12 12:0 a.m. | 5 views

PT-2026-7849

Name of the Vulnerable Software and Affected Versions: NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel versions prior to 20251215. Description: The software contains an unrestricted file upload issue that allows access to functionality not...

CVSS 9.8 | AI score 5.4 | EPSS 0.00385
Exploits 0 | References 7
ATTACKERKB
added 2026/01/27 9:8 p.m. | 4 views

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

CVSS 5.9 | AI score 5.8 | EPSS 0.00265
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/01/22 5:16 p.m. | 4 views

CVE-2025-68009

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through = 1.0.3...

CVSS 6.5 | EPSS 0.00354
Exploits 0 | References 1
Packet Storm News
added 2025/12/16 12:0 a.m. | 4 views

Cloud Security Leveraging AI: A Fusion-Based AISOC for Malware and Log Behaviour Detection

Cloud Security Operations Center (SOC) enable cloud governance, risk and compliance by providing insights visibility and control. Cloud SOC triages high-volume, heterogeneous telemetry from elastic, short-lived resources while staying within tight budgets. In this research, we implement an...

AI score 6.8
Exploits 0
NVD
added 2025/12/10 10:16 p.m. | 3 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

CVSS 7.4 | EPSS 0.00157
Exploits 1 | References 1
OSV
added 2025/12/10 10:16 p.m. | 4 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

CVSS 7.4 | AI score 5.8 | EPSS 0.00157
Exploits 1 | References 1
Cvelist
added 2025/12/10 12:0 a.m. | 20 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

EPSS 0.00157
Exploits 1 | References 1