7862 matches found

CISA KEV Catalog
added 2026/03/26 12:0 a.m. | 23 views

Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory...

9.4 CVSS | 6.1 AI score | 0.60368 EPSS
In wild | Exploits: 2

Packet Storm News
added 2026/03/25 12:0 a.m. | 0 views

Toward a Multi-Layer ML-Based Security Framework for Industrial IoT

The Industrial Internet of Things (IIoT) introduces significant security challenges as resource-constrained devices become increasingly integrated into critical industrial processes. Existing security approaches typically address threats at a single network layer, often relying on expensive hardwar...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/03/25 12:0 a.m. | 4 views

PT-2026-28080

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.26; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform susceptible to a SQL injection issue in the Data Table Get node. An authenticated user with appropriate...

9.9 CVSS | 5.9 AI score | 0.00423 EPSS
Exploits: 0 | References: 6

The Hacker News
added 2026/03/24 4:36 p.m. | 5 views

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the shor...

6 AI score
Exploits: 0

IBM Security Bulletins
added 2026/03/24 2:26 p.m. | 5 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary: Communications Server (CS) for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager (ikeyman) tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

9.8 CVSS | 6.2 AI score | 0.00491 EPSS
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/03/24 2:25 p.m. | 6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager (ikeyman) tool which is called by the snakeyman script used for managing the SSL key database...

9.8 CVSS | 6.2 AI score | 0.00491 EPSS
Exploits: 0 | Affected Software: 3

Packet Storm News
added 2026/03/24 12:0 a.m. | 5 views

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

5.9 AI score
Exploits: 0

CNVD
added 2026/03/24 12:0 a.m. | 2 views

OpenClaw Authentication Strengthening Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication hardening vulnerability that is due to an authentication hardening vulnerability in the browser-sourced WebSocket client in a loopback deployment. An attacker can exploit the...

7.5 CVSS | 5.9 AI score | 0.00294 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/23 10:45 p.m. | 3 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7 CVSS | 5.9 AI score | 0.00782 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

IBM Security Bulletins
added 2026/03/23 1:39 p.m. | 4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161). This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j...

6.3 CVSS | 6.4 AI score | 0.00743 EPSS
Exploits: 1 | Affected Software: 1

Packet Storm News
added 2026/03/23 12:0 a.m. | 8 views

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag (CTF) competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

5.8 AI score
Exploits: 0

Huntr
added 2026/03/22 4:43 p.m. | 4 views

Git argument injection in deployment pull steps via unsanitized commit_sha enables RCE on workers

This report is not public...

9.9 CVSS | 7.3 AI score | 0.00566 EPSS
Exploits: 2

ATTACKERKB
added 2026/03/20 8:27 a.m. | 4 views

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3 CVSS | 6.1 AI score | 0.00621 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/03/20 6:16 a.m. | 26 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS | 0.00672 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/03/20 5:25 a.m. | 4 views

EUVD-2026-13575

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS | 6.3 AI score | 0.00672 EPSS
Exploits: 1 | References: 2

CVE
added 2026/03/20 5:25 a.m. | 22 views

CVE-2026-33037

The CVE concerns WWBN AVideo. In versions ≤25.0, the official Docker deployment files ship with the admin password set to “password,” which is used to seed the admin account during installation unless SYSTEM_ADMIN_PASSWORD is overridden. This creates immediate administrative takeover risk, with f...

8.1 CVSS | 6.3 AI score | 0.00672 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/20 5:25 a.m. | 3 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS | 6.3 AI score | 0.00672 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/20 5:25 a.m. | 8 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS | 6.5 AI score | 0.00672 EPSS
Exploits: 1 | References: 2

OSV
added 2026/03/20 5:25 a.m. | 3 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS | 6.3 AI score | 0.00672 EPSS
Exploits: 1 | References: 4

Fedora
added 2026/03/20 1:3 a.m. | 7 views

[SECURITY] Fedora 43 Update: bpfman-0.5.4-4.fc43

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

8.7 CVSS | 5.8 AI score | 0.005 EPSS
Exploits: 0