Lucene search
K

2489 matches found

GithubExploit
GithubExploit
added 2026/05/01 6:18 a.m.94 views

cve-deep-dive

Report Bug · Request Feature Table of Contents a...

7.8CVSS5.4AI score0.96267EPSS
Exploits228
Packet Storm News
Packet Storm News
added 2026/05/01 12:0 a.m.8 views

KingsGuard: Enclave Data Protection under Real-World TEE Vulnerabilities

Trusted Execution Environments TEEs have emerged as a cornerstone for securing sensitive computations by providing isolated enclaves protected from untrusted software. However, their security guarantees are undermined by vulnerabilities in both the enclave code and the underlying hardware design,...

5.9AI score
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.13 views

Medium: cifs-utils

Issue Overview: A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentia...

5.9CVSS6.7AI score0.00149EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1597 advisory. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Thi...

5.9CVSS5.8AI score0.00149EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/28 1:54 p.m.6 views

EUVD-2026-26053

GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group XDG data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where...

2.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 2026/04/28 7:31 a.m.9 views

EUVD-2026-26012

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00105EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/04/27 12:0 a.m.8 views

ONNX model cache defaults to world-writable predictable /tmp directory

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Only applications that use TransformersEmbeddingModel and have the cache enabled, using the default location, are affected...

6.1CVSS5.9AI score0.00105EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.7 views

The Security Cost of Intelligence: AI Capability, Cyber Risk, and Deployment Paradox

Firms are deploying more capable AI systems, but organizational controls often have not kept pace. These systems can generate greater productivity gains, but high-value uses require broader authority exposure -- data access, workflow integration, and delegated authority -- when governance control...

5.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
Wolfi
Wolfi
added 2026/04/22 7:48 a.m.11 views

GHSA-HX6P-XPX3-JVVV vulnerabilities

Vulnerabilities for packages: zed, wizer, wasmcloud, yara-x...

5.9AI score
Exploits0
Debian CVE
Debian CVE
added 2026/04/22 7:34 a.m.6 views

CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.3AI score0.00085EPSS
Exploits0
Snyk
Snyk
added 2026/04/21 10:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that target Kubernetes environments by install a full LLM proxy service on the victim's machine, allowing the attacker to route LLM traffic through the compromised server. Remediation Avoid using kube-node-health...

9.8CVSS5.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/21 9:16 p.m.4 views

CVE-2026-35248

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

5CVSS7.2AI score0.00096EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/21 9:16 p.m.6 views

CVE-2026-35250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

2.3CVSS7.2AI score0.0011EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/21 9:16 p.m.6 views

CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.2AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.9 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS0.00291EPSS
Exploits0References3
Wiz blog
Wiz blog
added 2026/04/21 12:0 p.m.7 views

Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee

See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.9 views

Do Agents Dream of Root Shells? Partial-Credit Evaluation of LLM Agents in Capture the Flag Challenges

Large Language Model LLM agents are increasingly proposed for autonomous cybersecurity tasks, but their capabilities in realistic offensive settings remain poorly understood. We present DeepRed, an open-source benchmark for evaluating LLM-based agents on realistic Capture The Flag CTF challenges ...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Home Assistant 代码注入漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 1.0.0 had a code injection vulnerability. This vulnerability stemmed from the use of unlimit...

5.6CVSS5.9AI score0.00103EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.51 views

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph MRG, a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

5.7AI score
Exploits0
Rows per page
Query Builder