14 matches found
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
In this article 1. Why the Taxonomy Needed Updating 2. Seven new failure modes 3. Operational findings: What red teaming showed 4. New mitigations 5. What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic AI Systems in April 2025, the goal was a...
CVE-2026-8738
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...
EUVD-2005-2828
Malware in sbrugna...
SUSE CVE-2025-9636
pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
PT-2025-36007
Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 9.7 Description pgAdmin is susceptible to a Cross-Origin Opener Policy COOP issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...
CVE-2023-24040
dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat an invoked external command during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users t...
CVE-2023-24040
dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat an invoked external command during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users t...
The vulnerability of the eDocLib platform for storing and processing corporate data lies in the insufficient verification of input data. This allows a malicious actor to alter the execution sequence of programs and gain access to system reference materials without having the necessary access rights.
The vulnerability of the eDocLib platform for storing and processing corporate data is related to insufficient validation of input data. Users who do not have permission to access certain system reference guides including the access management reference guide may gain access to these guides throu...
CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control...
CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control...
Buffer overflow
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control...
CVE-2019-10050
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control...
Philips e-Alert Input Validation Vulnerability
Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. An input validation vulnerability exists in Philips e-Alert R2.1 and prior versions. An attacker could use this vulnerability to arbitrari...
Apple iOS Safari WebKit Security Bypass Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in WebKit in Apple Safari used in Apple iOS, which can be exploited by attackers to perform man-in-the-middle attacks and obtain sensitive information through sniffing the...