CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/01/08 12:0 a.m.•0 views

Cyber Threat Detection and Vulnerability Assessment System Using Generative AI and Large Language Model

Background: Cyber-attacks have evolved rapidly in recent years, many individuals and business owners have been affected by cyber-attacks in various ways. Cyber-attacks include various threats such as ransomware, malware, phishing, and Denial of Service DoS-related attacks. Challenges: Traditional...

6.9AI score

The Hacker News•added 2026/01/07 5:19 p.m.•4 views

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...

Tenable Nessus•added 2026/01/07 12:0 a.m.•1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000449)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000449 advisory. A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is...

7.5CVSS6.6AI score0.00155EPSS

OSSF Malicious Packages•added 2026/01/04 6:49 p.m.•4 views

Malicious code in aoohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d3438b2d065c0535b5ac80ce789201be4f8095642d0f10a20a7da13d46152f8 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

OSV•added 2026/01/04 6:49 p.m.•2 views

MAL-2026-38 Malicious code in auohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4b76a407d91e23cb990d6ed08e3c0e81898f2b97d690db76b4e3b547fda5fab Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

OSSF Malicious Packages•added 2026/01/04 6:49 p.m.•6 views

Malicious code in auohttp (PyPI)

OSSF Malicious Packages•added 2026/01/04 6:48 p.m.•5 views

Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

Packet Storm News•added 2026/01/03 12:0 a.m.•6 views

Comparative Evaluation of VAE, GAN, and SMOTE for Tor Detection in Encrypted Network Traffic

Encrypted network traffic poses significant challenges for intrusion detection due to the lack of payload visibility, limited labeled datasets, and high class imbalance between benign and malicious activities. Traditional data augmentation methods struggle to preserve the complex temporal and...

6.8AI score

Positive Technologies•added 2026/01/01 12:0 a.m.•11 views

PT-2026-5077

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1 Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potential...

9.8CVSS7.4AI score0.19171EPSS

Exploits2References132

UbuntuCve•added 2025/12/30 1:16 p.m.•1 views

CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

5.7AI score0.00024EPSS

Exploits0References5

Tenable Nessus•added 2025/12/30 12:0 a.m.•2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992190)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992190 advisory. In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory,...

5.5CVSS5.9AI score0.00016EPSS

CVE•added 2025/12/29 4:18 p.m.•54 views

CVE-2025-53627

Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...

5.3CVSS6.4AI score0.00022EPSS

Exploits1References1Affected Software1

The Hacker News•added 2025/12/25 12:46 p.m.•4 views

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said...

6.7AI score

Veracode•added 2025/12/23 10:42 a.m.•7 views

Missing Authorization

Jenkins is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check on viewing encrypted credential data, which allows attackers with only View/Read permissions to access and view encrypted password values in views...

4.3CVSS6.9AI score0.00215EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/12/23 10:38 a.m.•3 views

CVE-2025-61738

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network...

2.3CVSS7AI score0.00025EPSS

Exploits0References1

The Hacker News•added 2025/12/22 4:28 p.m.•4 views

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail,"...

6.6AI score