Lucene search
K

666 matches found

CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 145.0.7632.45 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution within frames, which could lead to UI deception through specially crafted HTM...

6.5CVSS6.7AI score0.00225EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.45 contained a security vulnerability, which was caused by improper handling of file inputs. This vulnerability could potentially lead users to execute certain UI gestures, resulting in UI...

6.5CVSS6.7AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.8 views

PT-2026-6635

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based for Android affected versions not specified Description A flaw in Microsoft Edge for Android allows an attacker to conduct spoofing attacks over a network by misrepresenting critical information in the user...

6.5CVSS5.5AI score0.00595EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.10 views

Microsoft Edge for Android 安全漏洞

Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There is a security vulnerability in Microsoft Edge for Android, which stems from improper presentation of key user interface information. This vulnerability may allow unauthorized...

6.5CVSS6AI score0.00595EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/01/29 6:4 p.m.6 views

ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/27 7:34 p.m.4 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 7:34 p.m.29 views

CVE-2026-24472

CVE-2026-24472 affects Hono (web framework for JavaScript runtimes) through Cache Middleware prior to version 4.11.7, where HTTP cache control handling does not respect headers like Cache-Control: private or no-store, risking private/authenticated responses being cached and exposed. The issue is ...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/27 7:34 p.m.7 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/27 7:34 p.m.21 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS0.00457EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/27 7:4 p.m.14 views

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/27 7:4 p.m.3 views

GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

5.3CVSS6AI score0.00457EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.27 views

PT-2026-4581

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-47727)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47727 advisory. - In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix in-kernel MMIO check TDX on...

7.8CVSS6.7AI score0.00247EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/01/13 12:0 a.m.6 views

Baiting AI: Deceptive Adversary against AI-Protected Industrial Infrastructures

This paper explores a new cyber-attack vector targeting Industrial Control Systems ICS, particularly focusing on water treatment facilities. Developing a new multi-agent Deep Reinforcement Learning DRL approach, adversaries craft stealthy, strategically timed, wear-out attacks designed to subtly...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.7 views

CVE-2022-42544

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.11 views

CVE-2022-0751

Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...

8.8CVSS6.6AI score0.01391EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/28 12:0 a.m.6 views

Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations

Cybersecurity is being fundamentally reshaped by foundation-model-based artificial intelligence. Large language models now enable autonomous planning, tool orchestration, and strategic adaptation at scale, challenging security architectures built on static rules, perimeter defenses, and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.5 views

The Imitation Game: Using Large Language Models As Chatbots to Combat Chat-Based Cybercrimes

Chat-based cybercrime has emerged as a pervasive threat, with attackers leveraging real-time messaging platforms to conduct scams that rely on trust-building, deception, and psychological manipulation. Traditional defense mechanisms, which operate on static rules or shallow content filters,...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/12/20 3:20 a.m.23 views

CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

4.3CVSS0.00126EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2025/12/18 4:41 p.m.4 views

Someone Boarded a Plane at Heathrow Without a Ticket or Passport

I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...

7AI score
Exploits0
Rows per page
Query Builder