Lucene search
K

19 matches found

Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.29 views

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Open agent platforms allow community contributors to publish reusable skills that agents can invoke at runtime. This extensibility also creates a supply-chain risk: malicious contributors can hide harmful behavior inside skills that appear benign under superficial inspection. However, existing...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/27 6:31 p.m.11 views

CVE-2026-47161 RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserialization

RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined...

8.7CVSS6.5AI score0.00489EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2019-5152

Malware in sbrugna...

8.8CVSS8.5AI score0.0184EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-5869

Malicious code in bioql PyPI...

6.8CVSS6.3AI score0.03398EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1337

Malicious code in bioql PyPI...

10CVSS8.8AI score0.01082EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/21 12:0 a.m.4 views

EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2025-1838)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filte...

8.8CVSS7.8AI score0.00476EPSS
Exploits0References2
NVD
NVD
added 2025/07/17 2:15 p.m.8 views

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

6.3CVSS0.00226EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/11 12:54 a.m.74 views

CVE-2025-5959

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.10666EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.6 views

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

8.8CVSS7.4AI score0.00837EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 6:15 p.m.30 views

CVE-2025-3114

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandb...

9.4CVSS0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/04 3:39 p.m.29 views

CVE-2025-31722

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

8.8CVSS7.9AI score0.01171EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/02 2:59 p.m.18 views

CVE-2025-31722

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

7.8AI score0.01171EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:26 a.m.4 views

CVE-2024-47560

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local...

7.8CVSS6.5AI score0.00173EPSS
Exploits0
OSV
OSV
added 2024/05/06 12:56 p.m.5 views

SUSE-SU-2024:1536-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization bsc1223110...

8.4CVSS8.8AI score0.00512EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/12/21 12:0 a.m.40 views

Fedora 39 : firefox / nss (2023-9de52d46bd)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-9de52d46bd advisory. Update NSS to 3.95 Update Firefox to 121.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

8.8CVSS7.4AI score0.20472EPSS
Exploits1References19
Vulnrichment
Vulnrichment
added 2022/09/06 12:0 a.m.4 views

CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...

10CVSS10AI score0.47868EPSS
Exploits2References6
Cvelist
Cvelist
added 2019/10/15 2:53 p.m.39 views

CVE-2019-10760

safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

9.9AI score0.02852EPSS
Exploits0References1
OSV
OSV
added 2017/08/25 11:53 a.m.12 views

SUSE-SU-2017:2263-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Version update to 8.0-4.10 bsc1053431 CVE-2017-10111, CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10074, CVE-2017-10078,...

9.6CVSS9.8AI score0.03524EPSS
Exploits0References23
OpenVAS
OpenVAS
added 2013/07/05 12:0 a.m.51 views

CentOS Update for java CESA-2013:1014 centos5

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2013:1014 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10CVSS0.5AI score0.98704EPSS
Exploits23References2
Rows per page
Query Builder