Lucene search
K

2644 matches found

Microsoft Secure
Microsoft Secure
added 2026/06/10 4:0 p.m.17 views

Turn specs into evals for any agent with ASSERT

Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing ASSERT, an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.9 views

Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation

Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.12 views

Can Open-Source LLM Agents Replace Static Application Security Testing Tools? an Empirical Assessment

This paper explores the value of agentic AI tools for cybersecurity purposes. We evaluate the efficacy of a general-purpose GenAI Large Language Model- GenAI- based agent when powered by three different Ollama-hosted general-purpose open source models. We assess each agent's performance using...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.6 views

Categorical Robustness Assessment for Machine Learning Based Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS heavily utlize Machine Learning ML but ML models can be manipulated via adversarial attacks. These attacks add carefully crafted perturbations to network traffic data that leads to misclassifications. While prior work has demonstrated adversarial...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

XML External Entity (XXE) Injection

Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...

8.8CVSS5.7AI score0.00352EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/10 12:0 a.m.46 views

📄 IO-Compress 2.219 Eval Injection

An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...

7.3CVSS5.9AI score0.00292EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/06/09 9:58 p.m.20 views

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

9.5CVSS6.8AI score0.00907EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 9:58 p.m.7 views

GHSA-55HG-8QXV-QJ4P PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

9.5CVSS6.8AI score0.00907EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS0.00263EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.7 views

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS
Exploits0
CVE
CVE
added 2026/06/09 3:51 a.m.37 views

CVE-2026-41852

The CVE affects Spring Framework via SpEL evaluation allowing arbitrary zero-argument method invocation in restricted/read-only contexts across multiple versions (7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48). Root cause is the SpEL evaluation logic, enabling invocation of unintended app...

5.3CVSS5.6AI score0.00164EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.42 views

CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.42 views

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

5.3CVSS0.0036EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.9 views

CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.8 views

CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.10 views

EUVD-2026-35337

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.5 views

Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation

Large language model LLM agents are rapidly moving from conversational interfaces to software components that plan, invoke tools, maintain memory, and act on external environments. This transition changes the nature of security risk. In agentic settings, failures are no longer limited to unsafe...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47660

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Spring Framework 安全漏洞

The Spring Framework is an application development framework developed by Spring in a open-source manner. There are security vulnerabilities in Spring Framework versions 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier. These vulnerabilities stem from the SpEL...

5.3CVSS5.5AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder