Lucene search
K

1686 matches found

Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.13 views

Windows Telemetry Persistence

This simulation proof of concept code demonstrates conceptual persistence mechanisms registry-like structures and scheduled task representation without performing actual registry modifications, persistence installation, or execution...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.11 views

Learn from Your Mistakes: Tree-Like Self-Play for Secure Code LLMs

While Large Language Models LLMs excel in code generation, they remain prone to replicating subtle yet critical vulnerabilities endemic to their training data. Current alignment techniques, such as Supervised Fine-Tuning SFT and Reinforcement Learning RL, typically apply coarse-grained optimizati...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/31 4:39 a.m.104 views

TypiCMS-Search-LIKE-Wildcard-Info-Disclosure

TypiCMS Search LIKE Wildcard Information Disclosure A proof-o...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/29 1:33 p.m.15 views

OESA-2026-2476 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

7CVSS5.9AI score0.00552EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:33 p.m.15 views

OESA-2026-2475 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

7CVSS5.9AI score0.00552EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.16 views

symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

5.9AI score
Exploits0Affected Software1
NVD
NVD
added 2026/05/27 9:16 p.m.15 views

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS0.00421EPSS
Exploits1References3
OSV
OSV
added 2026/05/27 9:16 p.m.11 views

UBUNTU-CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/27 8:42 p.m.9 views

EUVD-2026-32663

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/05/27 8:42 p.m.8 views

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS5.8AI score0.00421EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/05/27 10:3 a.m.15 views

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 9:41 a.m.11 views

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 9:4 a.m.10 views

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References7
AlmaLinux
AlmaLinux
added 2026/05/27 12:0 a.m.25 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:50 p.m.12 views

Malicious code in docontrol-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b4326be57466c23f5347d67f1e2adcd9c1b508ffc42b04ebcadfe7c85bd75a97 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 7:36 a.m.13 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
OSV
OSV
added 2026/05/26 6:25 a.m.14 views

MAL-2026-4779 Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/23 6:39 p.m.11 views

MAL-2026-4269 Malicious code in mistral-evals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f79806b5d197ed3b6beeedfb7092ad6da36d1d186ad57dc12be0b030c63726c9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:32 a.m.14 views

Malicious code in ionic-insta-api-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44363ea3b97b18ea938430059144fd219a58b93d04149e45da97c60322ff4868 This package presents itself as an Instagram API wrapper but silently forwards caller-supplied Instagram credentials and session data to a hardcoded...

5.5AI score
Exploits0References2
Rows per page
Query Builder