Lucene search
K

1582 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-56448

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 12:54 p.m.27 views

CVE-2026-56448 Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:54 p.m.7 views

EUVD-2026-38238

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS6AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 12:54 p.m.11 views

CVE-2026-56448

CVE-2026-56448 involves a path traversal in the AIL Framework. An authenticated user can craft object identifiers via the investigation workflow, causing path components to be joined with storage paths without ensuring the final path stays in the intended image/favicon/screenshot directories. Thi...

8.3CVSS6AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:54 p.m.5 views

CVE-2026-56448

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS6AI score0.00292EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/06/11 7:41 p.m.8 views

Grok Is Still Hosting Sexualized Deepfakes of Famous Women

A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician...

5.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.27 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 4:29 p.m.16 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...

7.5CVSS6.6AI score0.00486EPSS
Exploits1Affected Software1
Circl
Circl
added 2026/05/20 7:7 p.m.8 views

GHSA-C9J4-9M59-847W

creationtimestamp| type| source ---|---|--- 2026-05-20 19:07:38+00:00| seen| https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ 2026-05-21 10:45:20+00:00| seen| https://bsky.app/profile/tech-trending.bsky.social/post/3mmeahvo27p2m 2026-05-21...

5.8AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ca-certificates

Certifi is a curated collection of Root Certificates designed to validate the reliability of SSL certificates and verify the identity of TLS hosts. On December 7, 2022, Certifi removed Root Certificates from “TrustCor” from the root store. These certificates are currently being removed from...

7.5CVSS6.5AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.9 views

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43469

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement rereceiving on the early exit paths In the event that rpcrdmapostrecvs fails to create a work request due to memory allocation failure, say or otherwise exits early, we should decrement ep-rereceiving before...

7.5CVSS5.7AI score0.0038EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 11:16 p.m.17 views

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 11:1 p.m.34 views

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 11:1 p.m.12 views

EUVD-2026-29875

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:1 p.m.7 views

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:1 p.m.10 views

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 11:1 p.m.20 views

CVE-2026-42158

Flowsint prior to 1.2.3 has a broken access control issue that lets an attacker who knows an investigation ID modify metadata of another user’s investigation. Affected product: Flowsint OSINT graph exploration tool. Root cause: unauthorized update of investigation metadata due to inadequate acces...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 10:58 p.m.9 views

EUVD-2026-29874

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS6AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 10:55 p.m.11 views

EUVD-2026-29883

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder