Lucene search
K

2475 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 7:20 p.m.5 views

CVE-2026-42355

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.8 views

Convolutional-Neural-Networks for Deanonymisation of I2P Traffic

This study investigates the potential for deanonymizing services within the Invisible Internet Project I2P network through passive traffic analysis and machine learning techniques. The primary objective is to identify distinctive patterns in I2P traffic despite the encryption of its payload. To...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40359

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.8 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.6CVSS6.2AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 5:16 p.m.8 views

EUVD-2026-29161

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 4:10 p.m.4 views

GHSA-MHWJ-73QX-JQXM @theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function

Summary @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject proto keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details The deepMerge function...

7.5CVSS5.9AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.10 views

Agentic Fuzzing: Opportunities and Challenges

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.8 views

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

9.1CVSS6.9AI score0.00621EPSS
Exploits1References31
OSV
OSV
added 2026/05/08 6:46 p.m.6 views

GHSA-MPM8-CX2P-626Q Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

9.6CVSS6.2AI score0.00363EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/08 6:46 p.m.10 views

EUVD-2026-28516

Electerm users can run dangrous code through link or command line...

9.6CVSS5.9AI score0.00363EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/08 6:46 p.m.13 views

Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

9.6CVSS6.2AI score0.00363EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/05/08 3:16 p.m.7 views

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS0.00217EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 2:21 p.m.21 views

CVE-2026-43362

CVE-2026-43362 affects the Linux kernel SMB client by an in-place encryption flaw in SMB2_write(), where the write payload could be replaced with ciphertext during retries on unstable connections. The root cause is that smb3_init_transform_rq() shares rq_iov, causing crypt_message() to in-place-e...

8.1CVSS5.8AI score0.00217EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.8 views

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

5.8AI score0.00217EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.32 views

CVE-2026-43362 smb: client: fix in-place encryption corruption in SMB2_write()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS0.00217EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 4:16 a.m.15 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.6CVSS0.00363EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:8 a.m.6 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.4CVSS6.3AI score0.00363EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:8 a.m.8 views

CVE-2026-43944 electerm: dangerous code can be run through links or command line

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.4CVSS6.2AI score0.00363EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 3:8 a.m.36 views

CVE-2026-43944 electerm: dangerous code can be run through links or command line

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.4CVSS0.00363EPSS
Exploits0References5
Rows per page
Query Builder