Lucene search
K

2489 matches found

Snyk
Snyk
added 2026/05/31 9:0 p.m.8 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Poupanca is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:17 p.m.20 views

stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

5.9AI score
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

arcane 操作系统命令注入漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...

6.3CVSS6.1AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. Versions of Portainer Community Edition from 2.33.0 to 2.33.8 contained security vulnerabilities. These vulnerabilities stemmed from the kubeClientMiddleware middleware...

8.1CVSS5.8AI score0.00335EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.21 views

Protecting On-Device AI Inference: A Systematic Review of Attacks and Defence Mechanisms

The need for secure and private Artificial Intelligence AI and Machine Learning ML on edge and mobile devices has increased the necessity of protecting the architecture of these systems from threats to both security and privacy. With an ever-increasing number of pre-trained AI models being used o...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/27 5:22 p.m.8 views

CVE-2026-44346 BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

DEBIAN-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:17 p.m.18 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS0.0013EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 1:20 p.m.34 views

CVE-2026-47104

CVE-2026-47104 affects libusb before 1.0.30. The vulnerability is a one-byte out-of-bounds read in parse_iad_array() in descriptor.c, allowing a denial of service when a malformed USB descriptor is supplied with bLength equal to size minus one, causing the bounds check to use the original buffer ...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:20 p.m.10 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS5.9AI score0.0013EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/23 3:14 a.m.84 views

Exploit for CVE-2025-46822

CVE-2025-46822 ⚠️ Security Research & Legal Disclaimer...

8.7CVSS7.2AI score0.03847EPSS
Exploits14
Chainguard
Chainguard
added 2026/05/23 1:18 a.m.8 views

GHSA-8Q93-326V-3M7G vulnerabilities

Vulnerabilities for packages: synapse...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.15 views

CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering

Large language models LLMs are increasingly applied to cybersecurity question answering QA for critical tasks such as incident response and vulnerability analysis. However, real-world operational contexts, including system logs and network configurations, inherently contain sensitive identifiers,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.16 views

Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/20 1:9 p.m.12 views

EUVD-2026-31103

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

5.9CVSS7.3AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

Veritas InfoScale CmdServer 访问控制错误漏洞

Veritas InfoScale CmdServer is a command execution and remote management service component provided by Veritas Corporation in the US, designed for InfoScale cluster environments. Versions of Veritas InfoScale CmdServer prior to 7.4.2 contained an access control vulnerability, which was caused by...

8.8CVSS6AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 6:13 p.m.16 views

MAL-2026-4729 Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/19 11:30 a.m.15 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

5.9AI score
Exploits0
Rows per page
Query Builder