Lucene search
K

621 matches found

Cvelist
Cvelist
added 2026/04/08 9:35 p.m.22 views

CVE-2026-40029 parseusbs < 1.9 Command Injection via Crafted LNK Filename

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

8.5CVSS0.00805EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:35 p.m.2 views

CVE-2026-40028

Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...

5.4CVSS6.1AI score0.002EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 9:35 p.m.21 views

CVE-2026-40029

Technical details (affected product/component/version, root cause, impact, and remediation) are not publicly provided in the supplied documents; monitor for updates.

8.5CVSS6.2AI score0.00805EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

parseusbs 操作系统命令注入漏洞

Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...

8.4CVSS6AI score0.0075EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

parseusbs 操作系统命令注入漏洞

Parseusbs is a USB connection recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained an operating system command injection vulnerability. This vulnerability stemmed from the LNK file path being passed to the os.popen shell command without prope...

8.5CVSS6AI score0.00805EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

SoK: Understanding Anti-Forensics Concepts and Research Practices across Forensic Subdomains

Anti-forensics includes a growing set of techniques designed to obstruct forensic analysis. While cybercriminals increasingly rely on these methods, they also help researchers identify and remedy weaknesses in forensic tools, advancing the overall robustness of digital forensics. Despite repeated...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Foundations for Agentic AI Investigations from the Forensic Analysis of OpenClaw

Agentic Al systems are increasingly deployed as personal assistants and are likely to become a common object of digital investigations. However, little is known about how their internal state and actions can be reconstructed during forensic analysis. Despite growing popularity, systematic forensi...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/04 12:1 p.m.7 views

Malicious code in gangomodule (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8117683c90fb188f9fc013b3b3006dc5e31269d2511dd7c80eea9ac7b6892d09 During installation, obfuscated code validates the environment against typical sandboxing signs and attempts to download the next stages from remote sources. T...

6AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Automating Cloud Security and Forensics through a Secure-By-Design Generative AI Framework

As cloud environments become increasingly complex, cybersecurity and forensic investigations must evolve to meet emerging threats. Large Language Models LLMs have shown promise in automating log analysis and reasoning tasks, yet they remain vulnerable to prompt injection attacks and lack forensic...

5.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/03/23 10:0 a.m.7 views

Hassan Took a Bike Ride. Now He’s One of the Thousands Missing in Gaza

In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of them is an autistic teenager...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.3 views

Microsoft Windows Active Setup Persistence Module

This Metasploit module leverages the Windows Active Setup mechanism to establish persistence while integrating multiple evasion and stealth techniques designed to reduce forensic visibility and bypass detection mechanisms...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/11 2:55 p.m.7 views

Striae has a hash validation utility vulnerability

Summary A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. Impac...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.14 views

TraceGuard: Process-Guided Firewall against Reasoning Backdoors in Large Language Models

The deployment of Large Reasoning Models LRMs in high-stakes decision-making pipelines has introduced a novel and opaque attack surface: reasoning backdoors. In these attacks, the model's intermediate Chain-of-Thought CoT is manipulated to provide a linguistically plausible but logically fallacio...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/27 12:0 a.m.6 views

Empowering Future Cybersecurity Leaders: Advancing Students through FINDS Education for Digital Forensic Excellence

The Forensics Investigations Network in Digital Sciences FINDS Research Center of Excellence CoE, funded by the U.S. Army Research Laboratory, advances Digital Forensic Engineering Education DFEE through an integrated research education framework for AI enabled cybersecurity workforce development...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/24 3:53 a.m.174 views

ElysiumVanguard

🌌 Elysium Vanguard: TITAN v13.0 Hardware-Bridged Kernel E...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.9 views

Favia: Forensic Agent for Vulnerability-Fix Identification and Analysis

Identifying vulnerability-fixing commits corresponding to disclosed CVEs is essential for secure software maintenance but remains challenging at scale, as large repositories contain millions of commits of which only a small fraction address security issues. Existing automated approaches, includin...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.5 views

AlertBERT: A Noise-Robust Alert Grouping Framework for Simultaneous Cyber Attacks

Automated detection of cyber attacks is a critical capability to counteract the growing volume and sophistication of cyber attacks. However, the high numbers of security alerts issued by intrusion detection systems lead to alert fatigue among analysts working in security operations centres SOC,...

5.7AI score
Exploits0
OSV
OSV
added 2026/01/29 9:16 a.m.5 views

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged o...

6.5CVSS5.8AI score0.00696EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 9:16 a.m.18 views

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged o...

6.5CVSS0.00696EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 8:50 a.m.7 views

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged o...

6.5CVSS5.9AI score0.00696EPSS
Exploits0References2
Rows per page
Query Builder