257 matches found

RedhatCVE
added 2026/06/10 3:00 p.m., 7 views

CVE-2025-10263

A flaw was found in the Linux kernel on ARM processors. A race condition in Translation Lookaside Buffer Invalidation (TLBI) operations during memory permission changes allows a local attacker to write to memory resources owned by higher privilege levels. This could allow an unprivileged local...

9.1 CVSS | 5.4 AI score | 0.00463 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/06/09 9:23 a.m., 16 views

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

5.4 AI score | 0.00463 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2026/06/05 12:00 a.m., 7 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography (PQC) requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6 AI score
Exploits: 0
Packet Storm News
added 2026/05/31 12:00 a.m., 14 views

Defenses and Enablers for Skill Injection Attacks on Terminal Based Agents

Large language model (LLM) agents increasingly rely on reusable skills, i.e., documents describing task-specific procedures. However, this introduces a new attack surface for agents to manage. We study two complementary directions for this threat. First, we evaluate guardian-based defenses: an...

5.7 AI score
Exploits: 0
CVE
added 2026/05/28 3:09 p.m., 127 views

CVE-2026-48526

PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...

7.4 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits: 1 | References: 15 | Affected Software: 1
Packet Storm News
added 2026/05/21 12:00 a.m., 10 views

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...

5.8 AI score
Exploits: 0
OSV
added 2026/05/08 11:37 a.m., 7 views

CLSA-2026-1778170790 quagga: Fix of CVE-2018-5381

CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...

7.5 CVSS | 6.9 AI score | 0.30665 EPSS
Exploits: 0 | References: 1
CloudLinux
added 2026/05/08 11:37 a.m., 15 views

quagga: Fix of CVE-2018-5381

CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...

7.5 CVSS | 6.9 AI score | 0.30665 EPSS
Exploits: 0
Packet Storm News
added 2026/05/04 12:00 a.m., 6 views

A Validated Prompt Bank for Malicious Code Generation: Separating Executable Weapons from Security Knowledge in 1,554 Consensus-Labeled Prompts

Existing benchmarks of language-model refusal on malicious-coding tasks routinely conflate requests for executable malicious software with requests for harmful security knowledge. This conflation matters because the two request types plausibly trigger distinct refusal pathways in safety-aligned...

5.8 AI score
Exploits: 0
Microsoft CVE
added 2026/04/23 8:04 a.m., 9 views

af_key: validate families in pfkey_send_migrate()

...

7 CVSS | 5.2 AI score | 0.00123 EPSS
Exploits: 0
Packet Storm News
added 2026/04/23 12:00 a.m., 3 views

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

5.3 AI score
Exploits: 0
RedhatCVE
added 2026/04/22 8:04 p.m., 6 views

CVE-2026-31515

A flaw was found in the Linux kernel. The pfkey_send_migrate() function, which manages security associations, does not properly validate address families. This oversight can lead to an overfill of the socket buffer (skb), a data structure used for network packets, when processing certain requests. A...

5.5 CVSS | 5.9 AI score | 0.00123 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/04/22 3:31 p.m., 7 views

EUVD-2026-24899

In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate(). syzbot was able to trigger a crash in skb_put() [1]. Issue is that pfkey_send_migrate() does not check old/new families, and that set_ipsecrequest() @family argument was truncated, thus possibly...

5.6 AI score | 0.00123 EPSS
Exploits: 0 | References: 9
Qualys Blog
added 2026/04/22 2:34 p.m., 6 views

Oracle Critical Patch Update, April 2026 Security Update Review

Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

9.8 CVSS | 7.5 AI score | 0.99977 EPSS
Exploits: 57
Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-34420

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the pfkey_send_migrate function where it fails to validate old and new families. This can lead to the family argument in set_ipsecrequest being truncated, potentially...

5.5 CVSS | 6.1 AI score | 0.00123 EPSS
Exploits: 0
Cvelist
added 2026/04/07 5:36 p.m., 18 views

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1 CVSS | 0.00214 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/07 5:36 p.m., 2 views

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1 CVSS | 6 AI score | 0.00214 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/07 5:36 p.m., 35 views

CVE-2026-39331

ChurchCRM prior to 7.1.0 has an API authorization bypass: an authenticated API user can modify any family’s state by altering the {familyId} in requests to /family/{familyId}/verify, /family/{familyId}/verify/url, /family/{familyId}/verify/now, /family/{familyId}/activate/{status}, and /family/{f...

8.1 CVSS | 6 AI score | 0.00214 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm News
added 2026/03/31 12:00 a.m., 1 view

When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection

Machine-learning-based code vulnerability detection (CVD) has progressed rapidly, from deep program representations to pretrained code models and LLM-centered pipelines. Yet dependable vulnerability labeling remains expensive, noisy, and uneven across projects, languages, and CWE types, motivating...

6 AI score
Exploits: 0
CNNVD
added 2026/03/25 12:00 a.m., 8 views

Security vulnerability in multiple Apple products

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5 CVSS | 5.8 AI score | 0.00764 EPSS
Exploits: 0 | References: 8