Lucene search
705 matches found

The Hacker News
added 2026/05/13 11:52 a.m., 18 views

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piec...

AI score 6
Exploits 0
NVD
added 2026/05/13 4:17 a.m., 15 views

CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

CVSS 5.9, EPSS 0.00116
Exploits 0, References 1
Positive Technologies
added 2026/05/13 12:00 a.m., 10 views

PT-2026-40785

Name of the Vulnerable Software and Affected Versions: the product name cannot be determined; affected versions not specified. Description: An issue exists where any user with Editor permissions can delete any snapshot, regardless of whether they have the necessary read or write access to those...

CVSS 7.4, AI score 5.8, EPSS 0.00434
Exploits 0, References 59
Snyk
added 2026/05/12 9:00 p.m., 14 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the idna.encode function when processing very large domain name inputs that exploit the validcontexto function before length validation. This is triggered by arbitrarily large inputs th...

CVSS 7.5, AI score 6.6, EPSS 0.01386
Exploits 1, References 2
CVE
added 2026/05/12 2:20 a.m., 19 views

CVE-2026-34263

SAP Commerce Cloud is affected by CVE-2026-34263 due to a Spring Security misconfiguration that allows an unauthenticated user to upload malicious configuration and inject code, enabling arbitrary server-side code execution. The entry states high impact to Confidentiality, Integrity, and Availabi...

CVSS 9.6, AI score 6, EPSS 0.0061
Exploits 0, References 2
Packet Storm News
added 2026/05/12 12:00 a.m., 8 views

Behavioral Integrity Verification for AI Agent Skills

Agent skills extend LLM agents with privileged third-party capabilities such as filesystem access, credentials, network calls, and shell execution. Existing safety work catches malicious prompts and risky runtime actions, but the skill artifact itself goes unverified. We formalize this as the...

AI score 5.9
Exploits 0
OSV
added 2026/05/11 7:02 p.m., 5 views

MINI-2RQ6-FPRH-HM8P

Bulletin has no description...

CVSS 5.9, AI score 5.7, EPSS 0.0017
Exploits 0
RedhatCVE
added 2026/05/11 6:09 a.m., 17 views

CVE-2026-42880

A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the...

CVSS 9.6, AI score 5.6, EPSS 0.00505
Exploits 2, References 4
OSV
added 2026/05/11 5:49 a.m., 5 views

MINI-6MXV-28X9-257P

Bulletin has no description...

CVSS 5.9, AI score 5.7, EPSS 0.0017
Exploits 0
Packet Storm News
added 2026/05/10 12:00 a.m., 16 views

The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents

This position paper argues that the Authorization-Execution Gap (AEG) is a major safety and security problem in open-world agents. The AEG is the divergence between what a principal intends to authorize and what an open-world agent ultimately executes. Because such agents act autonomously across...

AI score 5.8
Exploits 0
EUVD
added 2026/05/09 3:30 a.m., 11 views

EUVD-2026-28897

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

CVSS 8.7, AI score 5.8, EPSS 0.00309
Exploits 0, References 2
CVE
added 2026/05/09 3:30 a.m., 56 views

CVE-2026-42461

Arcane (Huma backend) has an unauthenticated information disclosure vulnerability prior to version 1.18.0. Four GET endpoints under /api/templates* (list, all, specific, and content) were registered without any Security requirement, enabling unauthenticated network clients to read full Compose YA...

CVSS 8.7, AI score 5.8, EPSS 0.00309
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/05/09 12:00 a.m., 13 views

HCL BigFix WebUI security vulnerability

HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an authorization gap that could result in an authenticated user without appropriate privileges accessing an unauthorized page to view sensitive environmental...

CVSS 5.3, AI score 5.8, EPSS 0.0018
Exploits 0, References 1
OSV
added 2026/05/08 5:08 p.m., 5 views

GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary: Missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

CVSS 8.7, AI score 6, EPSS 0.00255
Exploits 0, References 8
Packet Storm News
added 2026/05/08 12:00 a.m., 7 views

Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers

When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...

AI score 5.7
Exploits 0
Packet Storm News
added 2026/05/08 12:00 a.m., 8 views

An Automated Framework for Cybersecurity Policy Compliance Assessment against Security Control Standards

Organizational cybersecurity policies are often examined to determine whether they adequately comply with standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result,...

AI score 5.8
Exploits 0
ATTACKERKB
added 2026/05/07 10:20 p.m., 9 views

CVE-2026-42880

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

CVSS 9.6, AI score 5.7, EPSS 0.00505
Exploits 2, References 2, Affected Software 1
OSV
added 2026/05/07 8:55 p.m., 4 views

GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers. Summary: Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

CVSS 5.3, AI score 5.8, EPSS 0.00362
Exploits 1, References 4
Packet Storm News
added 2026/05/07 12:00 a.m., 8 views

Cryptographic and Information-Theoretic Security Capacities for General Arbitrarily Varying Wiretap Channels

We compare the strong secrecy capacities of Arbitrarily Varying Wiretap Channels (AVWCs) and General Arbitrary Varying Wiretap Channels (GAVWCs) with their capacities under semantic secrecy constraint and other equivalent cryptographic secrecy constraints. It turns out that the average error and stro...

AI score 5.8
Exploits 0
Github Security Blog
added 2026/05/05 8:29 p.m., 22 views

ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

Summary: ssrfcheck v1.3.0 (latest) fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address, e.g. http://[::ffff:127.0.0.1]/. The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to...

CVSS 8.2, AI score 5.8, EPSS 0.00226
Exploits 0, References 3, Affected Software 1