Lucene search
K

7860 matches found

Snyk
Snyk
added 2026/05/18 1:26 p.m.6 views

Symlink Attack

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to Symlink Attack during the integration when symbolic links under certain directories are dereferenced and their target file contents are copied into project deployment directories. An attacker can acce...

7.5CVSS5.5AI score0.00654EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.10 views

Explainable Machine Learning for Phishing Detection on Heterogeneous Datasets with MCP-Enabled Deployment

With the growth in digital transformation and Internet usage, the Social Engineering techniques such as Phishing have become a major concern for the users and the organizations. Phishing attacks involve deceptive techniques to trick users into revealing confidential information that causes...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.26 views

ADR: An Agentic Detection System for Enterprise Agentic AI Security

We present the Agentic AI Detection and Response ADR system, the first large-scale, production-proven enterprise framework for securing AI agents operating through the Model Context Protocol MCP. We identify three persistent challenges in this domain: 1 limited observability -- existing Endpoint...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/16 12:37 p.m.98 views

Exploit for Server-Side Request Forgery in Apache Axis

Axis1.4 CVE-2019-0227 Remote Command Execution Vulnerability E...

7.5CVSS7.3AI score0.86503EPSS
Exploits7
Cvelist
Cvelist
added 2026/05/15 7:57 p.m.41 views

CVE-2026-44552 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

8.7CVSS0.00305EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41316

Name of the Vulnerable Software and Affected Versions Microsoft APM versions 0.5.4 through 0.12.4 Description Two primitive integrators in apm-cli use Path.glob and Path.rglob to enumerate package files and Path.read text to read matches, which transparently follows symbolic links. A symlink with...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

APM – Agent Package Manager 后置链接漏洞

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. In versions 0.5.4 to 0.12.4 of APM, there was a post-link vulnerability. This vulnerability stemmed from calls to functions like Path.glob and Path.rglob, which followed symbolic links. As a...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.9 views

On-Device Interpretable Tsetlin Machine-Based Intrusion Detection for Secure IoMT

The rapid evolution of digital health technologies is redefining healthcare services worldwide. The integration of wireless communication and Internet-enabled medical devices within Internet of Medical Things IoMT networks enables continuous, real-time patient monitoring. However, this increased...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/14 9:9 p.m.8 views

EUVD-2026-30493

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

2.1CVSS5.9AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 8:40 p.m.34 views

CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:20 p.m.47 views

CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:20 p.m.7 views

CVE-2026-44514

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software3
EUVD
EUVD
added 2026/05/14 4:20 p.m.10 views

EUVD-2026-30331

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 2:54 p.m.8 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes over the /api/v1/chatflows endpoint. A user can gain unauthorized access to and modify sensitive attributes, such as deployment...

7.6CVSS5.8AI score0.00268EPSS
Exploits1References3
Microsoft Secure
Microsoft Secure
added 2026/05/14 2:20 p.m.10 views

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

6.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/14 6:46 a.m.12 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.11

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.11 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.6.11 release that simplify the process of...

7.5CVSS6.4AI score0.00651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40977

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the chatflow update endpoint. This occurs when an application takes user-provided data and applies it to an internal object without sufficient filtering, allowing...

8.1CVSS5.5AI score0.00268EPSS
Exploits1References7
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.52 views

Do Coding Agents Understand Least-Privilege Authorization?

As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces.To study whether current...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/13 4:35 p.m.12 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.8.6

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.8.6 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.8.6 release that simplify the process of...

8.7CVSS6.4AI score0.0075EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/13 12:16 p.m.100 views

agentcore-poc

Blueprint POC - Workflow Generation & Deployment A Proof of C...

5.9AI score
Exploits0
Rows per page
Query Builder