Lucene search
+L

135 matches found

packetstormnews
packetstormnews
added 2025/12/29 12:0 a.m.9 views

Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?

The rapid growth of Artificial Intelligence AI models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/12/02 12:0 a.m.8 views

S3C2 SICP Summit 2025-06: Vulnerability Response Summit

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and...

6.7AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1859

Malware in sbrugna...

9.1CVSS9.3AI score0.01353EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-20284

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00264EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17342

Malicious code in bioql PyPI...

9.8CVSS7.7AI score0.40416EPSS
Exploits1References2
ossf
ossf
added 2025/08/14 6:52 p.m.2 views

Malicious code in dasnoo-discussions-list (npm)

The package dasnoo-discussions-list was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.1 views

MAL-2025-17981 Malicious code in dasnoo-discussions-list (npm)

The package dasnoo-discussions-list was found to contain malicious code...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2025/07/09 6:16 p.m.14 views

CVE-2025-53532

giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...

5.3CVSS6.2AI score0.00264EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/07/07 5:6 p.m.6 views

CVE-2025-53532 giscus allows unauthorized discussion creation

giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...

5.3CVSS6.3AI score0.00264EPSS
Exploits0References3
osv
osv
added 2025/07/07 5:6 p.m.7 views

CVE-2025-53532 giscus allows unauthorized discussion creation

giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...

5.3CVSS6.7AI score0.00264EPSS
Exploits0References5
cvelist
cvelist
added 2025/07/07 5:6 p.m.14 views

CVE-2025-53532 giscus allows unauthorized discussion creation

giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...

5.3CVSS0.00264EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/07/07 12:0 a.m.6 views

giscus 授权问题漏洞

giscus is an open source commenting system from giscus. An authorization issue vulnerability exists in giscus that originates from an unauthorized user being able to create a discussion on a repository where giscus is installed, potentially leading to unauthorized actions...

5.3CVSS6.5AI score0.00264EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/07/07 12:0 a.m.6 views

PT-2025-28222 · Giscus · Giscus

Name of the Vulnerable Software and Affected Versions: giscus affected versions not specified Description: A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which i...

5.3CVSS6AI score0.00264EPSS
Exploits0References7
schneier
schneier
added 2025/07/02 11:2 a.m.8 views

Ubuntu Disables Spectre/Meltdown Protections

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are...

7.3AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/21 12:0 a.m.8 views

Understanding Content Moderation Policies and User Experiences in Generative AI Products

While recent research has focused on developing safeguards for generative AI GAI model-level content safety, little is known about how content moderation to prevent malicious content performs for end-users in real-world GAI products. To bridge this gap, we investigated content moderation policies...

6.9AI score
Exploits0
redhatcve
redhatcve
added 2025/05/22 8:13 p.m.5 views

CVE-2021-39904

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestion...

4.3CVSS5.9AI score0.00815EPSS
Exploits1References1
packetstormnews
packetstormnews
added 2025/04/26 12:0 a.m.13 views

The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence

Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...

6.6AI score
Exploits0
cvelist
cvelist
added 2025/04/21 3:13 p.m.28 views

CVE-2024-12863 Stored XSS in Discussions functionality

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system...

5.6CVSS0.00343EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/04/21 12:0 a.m.5 views

OpenText Content Management CE 跨站脚本漏洞

OpenText Content Management CE is an enterprise content management solution from OpenText Canada. A cross-site scripting vulnerability exists in OpenText Content Management CE versions 20.2 through 25.1, which stems from stored cross-site scripting in the Discussions feature that could lead to co...

5.6CVSS6.4AI score0.00343EPSS
Exploits0References1
circl
circl
added 2025/04/16 1:7 a.m.12 views

CVE-2025-3620

creationtimestamp| type| source ---|---|--- 2025-04-16 01:07:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114344960148459261 2025-04-16 07:11:09+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lmvzyo7xik2r 2025-04-16 09:06:20+00:00| seen|...

8.8CVSS7.6AI score0.00261EPSS
Exploits0References11
Rows per page
Query Builder