Lucene search
K

424 matches found

Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.9 views

Attention Is Where You Attack

Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/29 12:10 a.m.6 views

OSV-2026-649 Container-overflow in OGRGeometryFactory::organizePolygons

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506932597 Crash type: Container-overflow WRITE 1 Crash state: OGRGeometryFactory::organizePolygons OGRCreateFromShapeBin OpenFileGDB::FileGDBOGRGeometryConverterImpl::CreateCurveGeometry...

5.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015458 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string...

7.5CVSS7.3AI score0.00851EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 7:57 a.m.3 views

SUSE-SU-2026:21211-1 Security update for xwayland

This update for xwayland fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom bsc1260923. - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence bsc1260924. - CVE-2026-34002: XKB...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 5:52 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52981 DESCRIPTION: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection...

7.5CVSS5.8AI score0.00549EPSS
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/14 5:19 p.m.12 views

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2026-33999: XKB integer underflow in XkbSetCompatMap bsc1260922. CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom bsc1260923. CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence bsc1260924. CVE-2026-34002: XKB...

7.3CVSS6.1AI score0.00489EPSS
Exploits0References20
OSV
OSV
added 2026/04/14 12:0 a.m.7 views

UBUNTU-CVE-2026-34000

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

9.1CVSS5.7AI score0.00489EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.6 views

Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions

This paper studies how post-quantum cryptographic PQC security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC,'' an interdisciplinary...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.6 views

Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models

On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.5 views

Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection

The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : xorg-x11-server-1.20.4-18.el7 (AXSA:2022-3654:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3654:02 advisory. xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access CVE-2022-2319 xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo...

7.8CVSS7.6AI score0.00573EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 3 : kernel-2.6.18-274.1.AXS3 (AXSA:2011-313:06)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-313:06 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

7.8CVSS6.8AI score0.02791EPSS
Exploits10References19
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.2 views

SUSE SLES16: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2025:21211-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21211-1 advisory. - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. -...

9.8CVSS6.8AI score0.04065EPSS
Exploits6References19
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.5 views

CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World

Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness,existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...

6.7AI score
Exploits0
OSV
OSV
added 2025/12/15 9:56 a.m.5 views

SUSE-SU-2025:21211-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...

9.8CVSS5.9AI score0.04065EPSS
Exploits6References13
OSV
OSV
added 2025/10/09 2:14 p.m.9 views

CLSA-2025-1760019285 Fix CVE(s): CVE-2025-55212

SECURITY UPDATE: crash triggered by passing a colon to montage -geometry - debian/patches/CVE-2025-55212.patch: Fix invalid height and width checks in ThumbnailImage using MagickSafeReciprocal - CVE-2025-55212...

7.5CVSS7.1AI score0.00851EPSS
Exploits1References1
NVD
NVD
added 2025/10/09 2:15 a.m.6 views

CVE-2025-11166

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

5.4CVSS0.00179EPSS
Exploits0References6
CVE
CVE
added 2025/10/09 1:48 a.m.24 views

CVE-2025-11166

WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...

5.4CVSS5.5AI score0.00179EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.7 views

PT-2025-41330

Name of the Vulnerable Software and Affected Versions WP Go Maps plugin for WordPress versions prior to 9.0.46 Description The WP Go Maps plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. The plugin exposes state-changing REST actions through an AJAX bridge without appropria...

5.4CVSS6.4AI score0.00179EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-7711

Malware in sbrugna...

5.5CVSS6.5AI score0.00433EPSS
Exploits0References11
Rows per page
Query Builder