Lucene search
+L

321 matches found

Microsoft Secure
Microsoft Secure
added 2026/02/12 5:0 p.m.9 views

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

The era of AI is reshaping both opportunity and risk faster than any shift security leaders have seen. Every organization is feeling the momentum; and for security teams, the question is no longer if AI will transform their work, but how to stay ahead of what comes next. At Microsoft, we see this...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/02/10 6:55 p.m.5 views

Deserialization of Untrusted Data

Overview azure-ai-language-conversations-authoring is a Microsoft Corporation Azure Ai Language Conversations Authoring Client Library for Python Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the getcontinuationtoken function. An attacker can execute...

9.8CVSS6.1AI score0.02344EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 6:30 p.m.8 views

GHSA-436V-JG82-P533 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS5.8AI score0.02344EPSS
Exploits0References3
NVD
NVD
added 2026/02/06 6:15 a.m.9 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 5:47 a.m.31 views

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 5:47 a.m.6 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/06 5:47 a.m.6 views

EUVD-2026-5677

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.11 views

PT-2026-6676

Name of the Vulnerable Software and Affected Versions Ansible Lightspeed affected versions not specified Description The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...

4.2CVSS5.4AI score0.00222EPSS
Exploits0References6
OSV
OSV
added 2026/01/28 6:55 p.m.9 views

CVE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/21 8:56 a.m.165 views

context_compaction

Google ADK Context Compaction POC A proof of concept demonstr...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/17 8:34 a.m.5 views

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence AI company expanded access to its low-cost subscription globally. "You need to know that your data and conversations...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/16 6:25 p.m.6 views

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS6.2AI score0.06942EPSS
Exploits14References1
NVD
NVD
added 2026/01/15 6:16 p.m.6 views

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS0.06942EPSS
Exploits14References2
CVE
CVE
added 2026/01/15 5:41 p.m.268 views

CVE-2025-36911

CVE-2025-36911 (WhisperPair) is a vulnerability in Google Fast Pair where devices may accept Key-Based Pairing requests even when not in pairing mode, enabling unauthorized pairing without user interaction. Connected tooling demonstrates practical exploitation: an attacker can obtain a BR/EDR add...

7.1CVSS5.8AI score0.06942EPSS
Exploits14References2Affected Software1
Cvelist
Cvelist
added 2026/01/15 5:41 p.m.27 views

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

0.06942EPSS
Exploits14References1
Vulnrichment
Vulnrichment
added 2026/01/15 5:41 p.m.6 views

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

5.8AI score0.06942EPSS
Exploits14References1
ATTACKERKB
ATTACKERKB
added 2026/01/15 5:41 p.m.5 views

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS5.8AI score0.06942EPSS
Exploits14References3
EUVD
EUVD
added 2026/01/15 5:41 p.m.4 views

EUVD-2026-2722

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS5.7AI score0.06942EPSS
Exploits14References3
The Hacker News
The Hacker News
added 2026/01/08 6:57 a.m.10 views

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Artificial intelligence AI company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/06 5:21 p.m.15 views

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,0...

6.4AI score
Exploits0
Rows per page
Query Builder