19524 matches found

Packet Storm News
added 2026/05/10 12:0 a.m. | 8 views

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework (CSF) provide widely adopted measures of organizational maturity, but do...

5.8 AI score
Exploits 0

Packet Storm News
added 2026/05/10 12:0 a.m. | 9 views

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

5.9 AI score
Exploits 0

Mageia
added 2026/05/09 4:24 p.m. | 13 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

9.8 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits 0 | References 5

SUSE CVE
added 2026/05/09 2:39 a.m. | 7 views

SUSE CVE-2026-43280

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on patindex to prevent OOB kernel read in madvise When user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without validating bounds...

7.1 CVSS | 5.7 AI score | 0.00118 EPSS
Exploits 0 | References 3

GithubExploit
added 2026/05/08 2:50 p.m. | 110 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

🧬 ROSN-LR5 – Kernel LPE PoC & Mitigation Toolkit...

7.8 CVSS | 6 AI score | 0.96775 EPSS
Exploits 228

RedhatCVE
added 2026/05/08 12:14 p.m. | 10 views

CVE-2026-43003

A flaw was found in OpenStack ironic-python-agent (IPA). The Ironic Python Agent sometimes executes the grub-install command from within a chroot environment of a deployed partition image. This allows an attacker, by providing a malicious image, to achieve arbitrary code execution within the system...

8.5 CVSS | 6.1 AI score | 0.00837 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/05/08 12:0 p.m. | 12 views

CVE-2026-40912

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth...

8.6 CVSS | 5.7 AI score | 0.00767 EPSS
Exploits 1 | References 7

Akamai Blog
added 2026/05/08 12:0 p.m. | 13 views

CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability

Read the technical details of a security vulnerability CVE-2026-34354 in Akamai Guardicore Platform Agent for Windows — and get clear guidance on mitigation...

7.4 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits 0

RedhatCVE
added 2026/05/08 11:10 a.m. | 10 views

CVE-2026-43864

A flaw was found in mutt. This vulnerability, a null pointer dereference in the showsigsummary function, could allow an attacker to cause a denial of service. This occurs when processing specially crafted input related to signature summaries. Mitigation: Mitigation for this issue is either not...

4.7 CVSS | 5.6 AI score | 0.00096 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/05/08 11:7 a.m. | 13 views

CVE-2026-37540

A flaw was found in OpenAMP. An integer overflow vulnerability exists in the ELF loader's firmware image parsing, specifically within elfloader.c. This flaw occurs when multiplying two attacker-controlled 16-bit values from the ELF header without proper overflow checking. On 32-bit embedded...

9.8 CVSS | 6 AI score | 0.00253 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/05/08 11:1 a.m. | 9 views

CVE-2026-6915

A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is performed for...

6.3 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/05/08 8:42 a.m. | 33 views

CVE-2026-43284

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

8.8 CVSS | 6.1 AI score | 0.93235 EPSS
Exploits 31 | References 4

GithubExploit
added 2026/05/08 7:24 a.m. | 107 views

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag mitigation script This script: 1. Block...

7.8 CVSS | 6 AI score | 0.93235 EPSS
Exploits 31

SUSE CVE
added 2026/05/08 2:19 a.m. | 10 views

SUSE CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation. The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

5.5 CVSS | 5.7 AI score | 0.00128 EPSS
Exploits 0 | References 9

Github Security Blog
added 2026/05/07 9:5 p.m. | 15 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary: In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

5.9 AI score
Exploits 0 | References 2 | Affected Software 1

GithubExploit
added 2026/05/07 8:32 p.m. | 93 views

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader...

6 AI score | 0.05982 EPSS
Exploits 5

OSV
added 2026/05/07 8:42 a.m. | 7 views

BIT-KEYDB-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

8.8 CVSS | 6.1 AI score | 0.01782 EPSS
Exploits 0 | References 3

OSV
added 2026/05/07 7:1 a.m. | 4 views

SUSE-SU-2026:1741-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 bsc1262230: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized memory in the...

9.8 CVSS | 6 AI score | 0.04938 EPSS
Exploits 1 | References 32

RedHat Linux
added 2026/05/07 4:51 a.m. | 18 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1 CVSS | 6.7 AI score | 0.00308 EPSS
Exploits 0 | References 7

Snyk
added 2026/05/06 9:59 p.m. | 8 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

6.5 CVSS | 5.8 AI score | 0.00181 EPSS
Exploits 0 | References 2