Lucene search
K

982 matches found

CVE
CVE
added 2026/05/29 7:32 p.m.28 views

CVE-2026-44285

FastGPT is affected by an SSRF flaw in the dataset preview API. Before 4.15.0-beta1, an authenticated attacker could bypass isInternalAddress protection and reach internal services by abusing /api/core/dataset/file/getPreviewChunks with the externalFile data import type. The issue is resolved in ...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.40 views

Improving IoT Intrusion Detection through SMOTE-Based Oversampling and Extended Multi-Model Evaluation on Side-Channel Power Data

The detection of intrusions in IoT-based networks poses challenges that cannot be overcome using traditional machine learning methods. Perhaps the biggest of them is related to the presence of a class imbalance in the side-channel dataset, where the number of samples in the normal class compared ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.67 views

Separating Secrets from Placeholders: A Hybrid CNN-CodeBERT Framework for Three-Class Credential Leakage Detection

Credential leakage in public source code repositories poses a critical security threat, with over 23.8 million secrets exposed in 2024 alone. Existing detection tools suffer from high false-positive rates because rigid pattern matching and binary classification schemes fail to distinguish genuine...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgery, allowing authenticated attackers to...

7.7CVSS6AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44979

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.24 views

Towards Demystifying and Repairing LLM-In-The-Loop Vulnerabilities

Large Language ModelsLLMs have been actively integrated into modern software systems as critical components. LLM-in-the-loop vulnerabilities, where vulnerabilities are introduced by LLMs and their dependent downstream components, such as frameworks, introduce new risks. Although some benchmark...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.16 views

Building an Adversarial Malware Dataset by Family and Type: Generation, Evasion, and Poisoning Evaluation

We present a dataset of adversarial malware samples derived from the public RawMal-TF collection of real-world malware binaries. Using a suite of adversarial malware generators, we construct two sets of adversarial PE files: 44,347 family-labelled samples and 33,596 type-labelled samples, achievi...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.32 views

FALCON-C: Flow-Based Analysis and Labeling for Connected Vehicular Network Cybersecurity

Along with the recent rise in popularity of Electric Vehicles EVs, Electric Vehicle Supply Equipment EVSE has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.13 views

Botnet Detection on CTU-13 Using Lightweight Machine Learning Models

Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service DDoS. While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.13 views

Three Heads Are Better Than One: A Multi-Perspective Reasoning Framework for Enhanced Vulnerability Detection

Automated vulnerability detection is crucial for enhancing software security by identifying potential flaws that attackers could exploit, thereby reducing the reliance on labor-intensive manual code audits. Recent advancements have shifted towards leveraging large language models LLMs for...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.12 views

Explainable Machine Learning for Phishing Detection on Heterogeneous Datasets with MCP-Enabled Deployment

With the growth in digital transformation and Internet usage, the Social Engineering techniques such as Phishing have become a major concern for the users and the organizations. Phishing attacks involve deceptive techniques to trick users into revealing confidential information that causes...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/16 12:0 a.m.12 views

Filter-Then-Verify: A Multiphase GNN and ModernBERT Framework for Social Engineering Detection in Email Networks

Social engineering attacks exploit human trust rather than software vulnerabilities, making them difficult to detect using conventional filters. We propose a two-stage filter-then-verify framework combining inductive Graph Neural Networks GNNs for structural anomaly detection with a co-attention...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.006EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.10 views

On-Device Interpretable Tsetlin Machine-Based Intrusion Detection for Secure IoMT

The rapid evolution of digital health technologies is redefining healthcare services worldwide. The integration of wireless communication and Internet-enabled medical devices within Internet of Medical Things IoMT networks enables continuous, real-time patient monitoring. However, this increased...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/14 4:19 p.m.15 views

GHSA-5H9V-837X-M97R FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.10 views

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/14 4:19 p.m.22 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.11 views

FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2026/05/14 4:3 a.m.14 views

[SECURITY] Fedora 42 Update: GitPython-3.1.50-1.fc42

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

8.8CVSS5.8AI score0.00719EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.22 views

WARD: Adversarially Robust Defense of Web Agents against Prompt Injections

Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...

5.8AI score
Exploits0
Rows per page
Query Builder