Lucene search
K

2488 matches found

Fedora
Fedora
added 2026/05/18 12:44 a.m.19 views

[SECURITY] Fedora 44 Update: apptainer-1.5.0-1.fc44

Apptainer provides functionality to make portable containers that can be used across host environments...

7.5CVSS6.4AI score0.0075EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41733

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description The get or create nfs tmp dir function in mlflow/utils/file utils.py creates temporary directories with world-writable permissions 0o777, and the create model downloading tmp dir function in...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References11
GithubExploit
GithubExploit
added 2026/05/16 3:5 a.m.111 views

Exploit for CVE-2026-45091

CVE-2026-45091 ⚠️ Security Research & Legal Disclaimer...

9.1CVSS5.7AI score0.00326EPSS
Exploits1
Snyk
Snyk
added 2026/05/14 2:22 p.m.12 views

Malicious Package

Overview knot-date-utils-rb is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
Chainguard
Chainguard
added 2026/05/14 1:18 a.m.9 views

GHSA-7G25-3CHF-PPWR vulnerabilities

Vulnerabilities for packages: linux-aws, linux-vmware...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/05/13 3:57 p.m.8 views

Malicious Package

Overview github.com/BufferZoneCorp/go-envconfig is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluste...

9.8CVSS6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/12 4:16 p.m.10 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/05/12 6:55 a.m.14 views

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI has launched Daybreak , a new cybersecurity initiative that brings together frontier artificial intelligence AI model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.10 views

SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...

5.9AI score
Exploits0
Amd
Amd
added 2026/05/12 12:0 a.m.18 views

AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...

8.5CVSS6.3AI score0.00123EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:1 a.m.12 views

PgBouncer buffer overflow in SCRAM

...

9.8CVSS5.8AI score0.00372EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.9 views

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/08 6:41 a.m.109 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail – CVE-2026-31431 Examples of PoCs and payloads for...

7.8CVSS7.3AI score0.96267EPSS
Exploits228
Qualys Blog
Qualys Blog
added 2026/05/06 4:0 p.m.9 views

Before the Breach, There Was a Test Environment

Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.23 views

DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents

AI agents are increasingly deployed across diverse domains to automate complex workflows through long-horizon and high-stakes action executions. Due to their high capability and flexibility, such agents raise significant security and safety concerns. A growing number of real-world incidents have...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.10 views

Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards

Effective security logging is crucial for the timely and accurate detection of cyber threats; however, the relative effectiveness of various industry-standard logging frameworks remains understudied. This paper addresses this critical gap by presenting the first systematic evaluation of modern...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.24 views

PT-2026-38297

Name of the Vulnerable Software and Affected Versions Scramble versions 0.13.2 through 0.13.21 Description When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation. This can le...

9.4CVSS6.5AI score0.0586EPSS
Exploits3References9
RedHat Linux
RedHat Linux
added 2026/05/05 6:18 p.m.9 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability

The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...

9.8CVSS7.3AI score0.00978EPSS
Exploits1References2
Wiz blog
Wiz blog
added 2026/05/04 2:0 p.m.11 views

Practical Package Security: The Unofficial Guide

Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/01 6:18 a.m.93 views

cve-deep-dive

Report Bug · Request Feature Table of Contents a...

7.8CVSS5.4AI score0.96267EPSS
Exploits228
Rows per page
Query Builder