Lucene search
+L

571 matches found

OSV
OSV
added 2026/03/27 4:39 p.m.5 views

MAL-2026-2268 Malicious code in gemini-ai-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db2be37ea455b54b825242a3f66310fdf3f70e50b1dc1a234fa3ebb534afa857 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

6AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/26 6:29 p.m.10 views

@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)

brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...

7.5CVSS6.2AI score0.0043EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 6:29 p.m.9 views

@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)

brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...

7.5CVSS6.2AI score0.0043EPSS
Exploits0
EUVD
EUVD
added 2026/03/25 12:30 p.m.8 views

EUVD-2026-15251

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to triggerdatafree If triggerdataalloc fails and returns NULL, eventhisttriggerparse jumps to the outfree error path. While kfree safely handles a NULL pointer, triggerdatafree does not. This cause...

5.7AI score0.00123EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/23 8:30 p.m.7 views

EUVD-2026-14518

New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/03/23 8:16 p.m.8 views

CVE-2026-30886

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS0.00274EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 7:18 p.m.14 views

CVE-2026-30886 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.3 views

The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience

The ongoing shortage of skilled developers, particularly in security-critical software development, has led organizations to increasingly adopt AI-powered development tools to boost productivity and reduce reliance on limited human expertise. These tools, often based on large language models, aim...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.10 views

CVE-2026-2589

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 12:16 a.m.9 views

CVE-2026-2589

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 11:21 p.m.6 views

CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 11:21 p.m.34 views

CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:21 p.m.9 views

CVE-2026-2589

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 11:21 p.m.27 views

CVE-2026-2589

The Greenshift WordPress plugin (animation and page builder blocks) is vulnerable to Sensitive Information Exposure in all versions up to 12.8.3 via an automated Settings Backup stored in a publicly accessible file. This allows unauthenticated attackers to extract configured API keys (OpenAI, Cla...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.16 views

PT-2026-23575

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/03/03 12:10 p.m.12 views

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

8.8CVSS6AI score0.06545EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/02 5:8 p.m.12 views

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 CVSS score: 8.8, has been described as a case of...

8.8CVSS6.3AI score0.06545EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2026/03/02 8:1 a.m.26 views

A week in security (February 23 &#8211; March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/28 9:56 a.m.18 views

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/27 12:33 p.m.8 views

Public Google API keys can be used to expose Gemini AI data

Google Maps/Cloud API Application Programming Interface keys that used to be safe to publish can now, in many cases, be used as real Gemini AI credentials. This means that any key sitting in public JavaScript or application code may now let attackers connect to Gemini through its API, access data...

5.9AI score
Exploits0
Rows per page
Query Builder