Lucene search
K

532 matches found

OSV
OSV
added 2026/05/05 10:22 p.m.9 views

GHSA-FXC7-FM93-6Q77 ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases

Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...

9CVSS5.8AI score0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:16 a.m.5 views

CVE-2026-4060

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS6AI score0.00304EPSS
Exploits1References6
NVD
NVD
added 2026/04/28 7:37 p.m.5 views

CVE-2026-41382

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.10 views

CVE-2026-41382

OpenClaw npm package contains an authorization bypass vulnerability in Discord voice ingress prior to version 2026.3.31. The issue stems from channel and member allowlist validation gaps, including stale-role validation and improper channel name validation, enabling access to restricted voice cha...

5.4CVSS5.3AI score0.00222EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems

Agentic AI systems face security challenges that stateless large language models do not. They plan across extended horizons, maintain persistent memory, invoke external tools, and coordinate with peer agents. Existing security analyses organize threats by attack type prompt injection, jailbreakin...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/23 12:3 p.m.10 views

[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed

Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

Flowise 代码注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a code injection vulnerability. This vulnerability stemmed from the CSVAgent component, which allowed the provision of custom Pandas CSV reading code. Lack of...

9.4CVSS5.9AI score0.0145EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.14 views

CVEs with a CVSS Score Greater Than or Equal to 9

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage from cyberattacks. This paper provides a thorough analysis...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/21 2:0 p.m.8 views

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Washington D.C., USA, 21st April 2026, CyberNewswire...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/21 9:36 a.m.199 views

SQLi

SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...

9CVSS7.3AI score0.91877EPSS
Exploits17
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Decidim 安全漏洞

Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.0.1 to 0.30.5 and 0.31.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks for the commentable fields in the API, which could...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.5 views

Owner-Harm: A Missing Threat Model for AI Agent Safety

Existing AI agent safety benchmarks focus on generic criminal harm cybercrime, harassment, weapon synthesis, leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.7 views

SoK: Reshaping Research on Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS have been studied for decades. Hundreds of papers have, e.g., proposed ways to enhance, harden or bypass NIDS. However, the findings of prior literature are hardly reflected in real-world operational contexts. Such a disconnection is problematic for resear...

5.5AI score
Exploits0
Fedora
Fedora
added 2026/04/18 12:53 a.m.7 views

[SECURITY] Fedora 43 Update: aqualung-1.2-12.fc43

Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks...

9.1CVSS5.7AI score0.00419EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.11 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of object-level authorization checks in the API endpoints, which could lead to information leaks...

7.1CVSS5.8AI score0.00336EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 10:50 p.m.9 views

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.3 views

PT-2026-33274

Name of the Vulnerable Software and Affected Versions Livemesh Addons for Elementor versions prior to 9.1 Description The plugin allows unauthorized modification of data and Stored Cross-Site Scripting XSS through plugin settings. This occurs because the AJAX handler lae admin ajax lacks...

6.4CVSS5.4AI score0.00322EPSS
Exploits0References13
Microsoft Secure
Microsoft Secure
added 2026/04/15 4:0 p.m.7 views

Incident response for AI: Same fire, different fuel

In this article 1. The fundamentals still hold 2. Where AI changes the equation 3. Closing the gaps in telemetry, tooling, and response 4. The human dimension 5. Looking ahead When a traditional security incident hits, responders replay what happened. They trace a known code path, find the defect...

5.6AI score
Exploits0
Rows per page
Query Builder