Lucene search
K

4339 matches found

Cvelist
Cvelist
added 2026/02/27 2:1 a.m.25 views

CVE-2026-24498

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIM...

6CVSS0.0041EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/27 12:0 a.m.4 views

Exploring Robust Intrusion Detection: A Benchmark Study of Feature Transferability in IoT Botnet Attack Detection

Cross-domain intrusion detection remains a critical challenge due to significant variability in network traffic characteristics and feature distributions across environments. This study evaluates the transferability of three widely used flow-based feature sets Argus, Zeek and CICFlowMeter across...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/26 12:7 p.m.9 views

LLMs Generate Predictable Passwords

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven ­ for example, L , 9, m, 2, $ and...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22151

Name of the Vulnerable Software and Affected Versions Flair versions 0.4.1 through latest Description The deserialization of untrusted data in the LanguageModel class can lead to arbitrary code execution when loading a malicious model. Recommendations Versions prior to 0.4.1 are not affected. At...

8.4CVSS6.5AI score0.00154EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.5 views

PT-2026-22213

Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.1 Description Manyfold is a self-hosted web application for managing 3d models. A flaw exists in the get model method within the ModelFilesController lines 158-160 where models are loaded using Model.find...

5.3CVSS5.9AI score0.00265EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2026/02/26 12:0 a.m.13 views

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

5.8AI score
Exploits0
Apple
Apple
added 2026/02/26 12:0 a.m.14 views

Apple Security Update: visionOS 26.3.1

Apple recommends to install security update visionOS 26.3.1 on devices Apple Vision Pro all models...

5.4AI score
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 11:16 p.m.3 views

CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8CVSS5.4AI score0.00262EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 11:16 p.m.7 views

EUVD-2026-8776

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8CVSS5.4AI score0.00262EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 6:31 p.m.6 views

EUVD-2026-8698

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.4 views

APFuzz: Towards Automatic Greybox Protocol Fuzzing

Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.5 views

PT-2026-22040

Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.0 Description Manyfold is a self-hosted web application used for managing 3D models, with a focus on 3D printing. Prior to version 0.133.0, a logged-in user could achieve Remote Code Execution RCE when model...

8.8CVSS6AI score0.0037EPSS
Exploits1References10
Metasploit
Metasploit
added 2026/02/24 6:57 p.m.407 views

GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

9.8CVSS8.2AI score0.40014EPSS
Exploits2
HackRead
HackRead
added 2026/02/24 5:13 p.m.6 views

Anthropic Claims Chinese AI Firms ‘Distilled’ Claude to Train Their Models

Anthropic claims Chinese AI firms distilled Claude to train rival AI models, raising concerns about model extraction, security risks, and AI distillation abuse...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.11 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.6 views

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/24 12:0 a.m.226 views

📄 GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

9.8CVSS7AI score0.40014EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.2 views

SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models

Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution RCE risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.1 views

CIBER: A Comprehensive Benchmark for Security Evaluation of Code Interpreter Agents

LLM-based code interpreter agents are increasingly deployed in critical workflows, yet their robustness against risks introduced by their code execution capabilities remains underexplored. Existing benchmarks are limited to static datasets or simulated environments, failing to capture the securit...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.4 views

An Explainable Memory Forensics Approach for Malware Analysis

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...

6AI score
Exploits0
Rows per page
Query Builder