Lucene search
+L

1145 matches found

Snyk
Snyk
added 2026/05/28 12:0 a.m.8 views

Insufficient Session Expiration

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Insufficient Session Expiration via the federated token rescoping process...

8.1CVSS6AI score0.00249EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 12:0 a.m.3 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS6AI score0.00249EPSS
Exploits1References4
NVD
NVD
added 2026/05/27 3:16 p.m.25 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS0.00296EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:23 p.m.11 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:23 p.m.33 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 2:23 p.m.44 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS0.00296EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:23 p.m.16 views

EUVD-2026-32523

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:23 p.m.14 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:23 p.m.3 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6.1AI score0.00296EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...

8CVSS6AI score0.00296EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44032

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions prior to 1.1.6 Description Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path...

8CVSS6AI score0.00296EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.25 views

A Wolf in Sheep'S Clothing: Targeted Routing Hijacking in Federated RAG

Federated Retrieval-Augmented Generation FedRAG is attractive for privacy-sensitive applications because raw data remain local. As a result, routing must rely on client-provided semantic profiles, creating a new opportunity for manipulation. We introduce Routing Hijacking, a routing-stage attack ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.29 views

AI Security Research Should Better Incentivize Defense Research

This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in FedCM within Google Chrome before version 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.01251EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

Using “after free” in FedCM in Google Chrome before version 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00639EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

Before version 104.0.5112.101, using “after free” in FedCM via Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.3AI score0.02465EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.7AI score0.00443EPSS
Exploits0References2
Redos
Redos
added 2026/05/20 12:0 a.m.10 views

ROS-20260520-73-0039

A vulnerability in the FedCM component of Google Chrome browser is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

8.8CVSS6.2AI score0.0042EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.32 views

XAI FL-IDS: A Federated Learning and SHAP-Based Explainable Framework for Distributed Intrusion Detection Systems

An Intrusion Detection System IDS is vital in cybersecurity, detecting unauthorized activity across networks. With attacks on network layers increasing, stronger IDSs are needed. Yet most IDSs rely on centralized detection, forcing IoT nodes to ship data to a server, adding overhead and offering ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.11 views

Federated Naive Bayes with Real Mixture of Gaussians and Institutional Governance Regularization for Network Intrusion Detection

Federated learning for intrusion detection rests on a flawed premise: that every participating institution contributes equally to the shared model. In practice, a financial institution with mature security controls and low vulnerability exposure produces fundamentally different data than a...

5.8AI score
Exploits0
Rows per page
Query Builder