Lucene search
K

258 matches found

Github Security Blog
Github Security Blog
added 2026/06/29 4:10 p.m.21 views

Inside the Advisory Database and what happens when vulnerability volume breaks records

In May 2026, the GitHub Advisory Database published 1,560 reviewed advisories --more than five times our typical monthly output and the highest in its history. And it still wasn't enough to keep up. Over the past few months, the vulnerability ecosystem has shifted in a fundamental way. Input acro...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/06/12 12:0 p.m.18 views

Navigating the New Federal Logging Mandate | OMB Memorandum M-26-14

The White House Memorandum puts in place an “adaptive framework,” where agencies make risk-based, prioritized logging decisions...

5.2AI score
Exploits0
CVE
CVE
added 2026/06/11 12:34 p.m.60 views

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/11 5:5 a.m.13 views

EUVD-2026-36214

The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...

7.5CVSS5.4AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 7:12 p.m.7 views

GHSA-3QMC-CJ7Q-62HV Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

5.9CVSS5.6AI score0.00024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48543

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

5.9CVSS5.7AI score0.00024EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.8 views

CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability

The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. Spring for GraphQL application are vulnerable when all the...

7.5CVSS5.2AI score0.00352EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.11 views

Learn from Your Mistakes: Tree-Like Self-Play for Secure Code LLMs

While Large Language Models LLMs excel in code generation, they remain prone to replicating subtle yet critical vulnerabilities endemic to their training data. Current alignment techniques, such as Supervised Fine-Tuning SFT and Reinforcement Learning RL, typically apply coarse-grained optimizati...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/05/27 5:41 p.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via cached template security decisions in the sandbox implementation. An attacker can bypass sandbox filter, tag, and function restrictions...

6CVSS5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/20 5:6 p.m.19 views

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence AI agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and securi...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Golang-1.19

The ParseAddressList function improperly handles comments text within parentheses within display names. Since this contradicts conforming address parsers, it can lead to different trust decisions being made by programs that use different parsers...

7.5CVSS6.8AI score0.01042EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/12 10:30 a.m.14 views

Why Agentic AI Is Security's Next Blind Spot

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.10 views

AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use

Modern AI agents execute real-world side effects through tool calls such as file operations, shell commands, HTTP requests, and database queries. A single unsafe action, including accidental deletion, credential exposure, or data exfiltration, can cause irreversible harm. Existing defenses are...

6.1AI score
Exploits0
CVE
CVE
added 2026/05/01 8:34 p.m.18 views

CVE-2026-39807

The CVE describes a vulnerability in Bandit (Elixir) where the function Elixir.Bandit.Pipeline:determine_scheme/2 returns the client-supplied URI scheme verbatim, ignoring the transport’s secure flag. On plaintext TCP, a client can declare https and Bandit will set conn.scheme = :https even witho...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References4
HackRead
HackRead
added 2026/04/30 2:48 p.m.9 views

Managed vs Self-Managed Cloud Hosting: Choosing the Best Option for Your Business

As more businesses relocate their operations to the cloud, one important decision arises: should you choose managed or…...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35774

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An exec allowlist bypass exists where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. This allows attackers to obtain user approval...

7.3CVSS5.9AI score0.00117EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.7 views

MARD: A Multi-Agent Framework for Robust Android Malware Detection

With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models LLMs...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.8 views

Architecture Matters for Multi-Agent Security

Multi-agent systems MAS, composed of networks of two or more autonomous AI agents, have become increasingly popular in production deployments, yet introduce security risks that do not arise in single-agent settings. Even if individual agents exhibit robust security, architectural decisions...

5.4AI score
Exploits0
OSV
OSV
added 2026/04/07 6:5 p.m.3 views

GHSA-JWVJ-G8PC-CX45 OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision

Description In OpenFGA, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. Am I affected? You are affected if you meet the following preconditions: 1. You execute BatchCheck operation...

5CVSS5.9AI score0.00211EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...

5.8AI score
Exploits0
Rows per page
Query Builder