Lucene search
K

1567 matches found

OSV
OSV
added 2026/05/27 12:23 p.m.7 views

EEF-CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Summary Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public\key pubkey\cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public\key/src/pubkey\cert.erl, pubkey\cert:validate\extensions/7...

7CVSS7.2AI score0.00322EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 12:23 p.m.65 views

CVE-2026-42789

The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...

8CVSS5.9AI score0.00322EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/27 12:17 p.m.31 views

CVE-2026-45942

Summary of CVE-2026-45942 : A race condition in the Linux kernel ext4 bitmap handling enables inconsistent bitmap reporting due to concurrent page migration and bitmap modification in the load_buddy path. The root cause is that the fast load_buddy path only increments the folio refcount and can o...

7.8CVSS5.7AI score0.00099EPSS
Exploits0References5Affected Software1
Malwarebytes
Malwarebytes
added 2026/05/27 9:56 a.m.13 views

Company bragged phone mics could listen to conversations. They couldn’t.

A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people's conversations through their phones. Actually they did nothing of the sort. Most people have worried at some point that their phone has been listening to them through t...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43712

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 26.2.5.20 Erlang OTP versions 27.x prior to 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.1 Erlang OTP versions 29.x prior to 29.0.1 public key versions 0.22 through 1.15.1.6 public key versions 1.17.x pri...

8CVSS5.9AI score0.00322EPSS
Exploits0References40
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.30 views

SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-Enabled Medical Devices

The growing integration of artificial intelligence AI and machine learning ML in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43809

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ext4 file system between page migration and bitmap modification during mixed huge-page workloads. The issue occurs because the fast path of the load buddy...

7.8CVSS5.5AI score0.00126EPSS
Exploits0References144
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, stemming from a memory leak in the weightedinterleaveautostore function. This vulnerability may cause state object...

5.8AI score0.00126EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/25 11:30 a.m.24 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.13 views

On Reliability of Efficient Membership Inference Vulnerability Evaluation

Membership inference attacks MIAs are popular methods for empirically assessing the leakage of sensitive information in the training data through models or statistics learned from the data. The MIA vulnerability is often evaluated through false positive rate FPR and true positive rate TPR of a...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.15 views

SUSE CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7CVSS5.9AI score0.00152EPSS
Exploits0References17
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.16 views

Are Frontier LLMs Ready for Cybersecurity? Evidence for Vertical Foundation Models from Dual-Mode Vulnerability Benchmarks

We evaluate whether frontier LLMs are ready for cybersecurity through a dual-mode benchmark: white-box function-level vulnerability detection VulnLLM-R, across C/Java/Python and black-box web application security testing five production-style applications with 118 ground-truth vulnerabilities...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/21 8:28 p.m.11 views

SpiceDB: Caveat structures with nested lists can result in improper cache reuse

Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

2.3CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/21 7:33 p.m.13 views

GHSA-9XQ9-36W5-Q796 lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...

7.8CVSS6.5AI score0.00148EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 4:3 p.m.10 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the daemon file handling. An attacker can create or overwrite arbitrary files by replacing parent directory components with symbolic links during the window between validation and use...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 2:53 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the cross-session email verification process. An attacker...

8.1CVSS5.4AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 1:16 p.m.10 views

ALPINE-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7CVSS5.9AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 1:16 p.m.19 views

CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.8CVSS0.00152EPSS
Exploits0References11
CVE
CVE
added 2026/05/20 12:48 p.m.35 views

CVE-2026-29518

Rsync

7.8CVSS5.9AI score0.00152EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2026/05/20 12:48 p.m.48 views

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.3CVSS0.00152EPSS
Exploits0References4
Rows per page
Query Builder