Lucene search
K

3917 matches found

RedhatCVE
RedhatCVE
added 2026/04/03 5:42 p.m.6 views

CVE-2026-23456

A flaw was found in the Linux kernel's netfilter H.323 connection tracking module. A remote attacker could exploit this vulnerability by sending a specially crafted H.323/RAS H.323 Registration, Admission, and Status packet. The system's processing of these packets could lead to an out-of-bounds...

8.2CVSS5.9AI score0.00452EPSS
Exploits0References4
Amazon
Amazon
added 2026/04/01 12:0 a.m.4 views

Important: amazon-ssm-agent

Issue Overview: cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever 2023.10.20260330 or d...

7.8CVSS6.4AI score0.00532EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:6 p.m.10 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION: @isaacs/brace-expansion is a hybrid CJS/ESM...

9.2CVSS5.8AI score0.00481EPSS
Exploits0Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:43 p.m.3 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3CVSS6.1AI score0.00489EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/27 7:43 p.m.4 views

EUVD-2026-16777

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3CVSS6.1AI score0.00489EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:53 p.m.6 views

Security Bulletin: IBM dataPower Gateway affected by prototype pollution vulnerability in Lodash

Summary The affected package is used in the UI and API Gateway Director components Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause...

8.2CVSS5.9AI score0.01535EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28507

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.6 Description An indirect prompt injection exists in the email channel processing module nanobot/channels/email.py. This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model LLM...

9.8CVSS6.6AI score0.00489EPSS
Exploits1References11
Amazon
Amazon
added 2026/03/27 12:0 a.m.9 views

Low: python3.13-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/03/27 12:0 a.m.6 views

Medium: libde265

Issue Overview: strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable. CVE-2025-61147 Affected Packages: libde265 Issue Correction: Run dnf update libde265 --releasever 2023.10.20260325 or dnf update --advisory...

6.2CVSS5.8AI score0.00159EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.10 views

PT-2026-26150

Name of the Vulnerable Software and Affected Versions VMware vCenter Server affected versions not specified Daytona versions prior to 0.184.0 Description Two distinct issues were identified. First, a flaw in the SOAP API of VMware vCenter Server allows unauthenticated attackers to trigger arbitra...

7CVSS6.2AI score0.00249EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/03/17 5:34 p.m.9 views

Security update for container-suseconnect

This update for container-suseconnect rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product:...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 3:51 p.m.9 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - January 2026 CPU affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - January 2026 has been published in multiple security bulletins. These products have addressed the...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/03/12 2:50 p.m.3 views

GHSA-X442-M7CC-HR92 kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy

Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...

6.9CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:50 p.m.7 views

kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy

Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/10 5:11 p.m.5 views

CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...

9.4CVSS5.9AI score0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/10 5:11 p.m.1 views

CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...

9.4CVSS5.9AI score0.0021EPSS
Exploits0References3
HackRead
HackRead
added 2026/03/10 2:10 p.m.8 views

Study Finds ROME AI Agent Attempted Cryptomining Without Instructions

A recent research paper describing the training of an experimental AI agent has started a discussion after the…...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/10 1:19 a.m.9 views

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

9.4CVSS5.9AI score0.0021EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 2:37 p.m.7 views

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

3.6CVSS5.7AI score0.00088EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/03/05 3:17 p.m.8 views

Security update for python-Authlib

This update for python-Authlib fixes the following issues: CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library bsc1256414 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.9CVSS5.9AI score0.00237EPSS
Exploits1References4
Rows per page
Query Builder