CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 2:16 p.m.•7 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS0.00662EPSS

CVE•added 2026/05/27 12:42 p.m.•11 views

CVE-2026-35090

CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...

9.3CVSS5.9AI score0.00625EPSS

Cvelist•added 2026/05/27 12:42 p.m.•34 views

CVE-2026-35087 Authentication Bypass in Slican telephone exchanges

9.3CVSS0.00662EPSS

Vulnrichment•added 2026/05/27 12:42 p.m.•6 views

CVE-2026-35087 Authentication Bypass in Slican telephone exchanges

9.3CVSS5.8AI score0.00662EPSS

Talos Blog•added 2026/05/27 10:0 a.m.•7 views

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...

5.6AI score

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43701

9.3CVSS5.9AI score0.00625EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43700

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.8AI score0.00589EPSS

Packet Storm News•added 2026/05/27 12:0 a.m.•13 views

MIRAGE: Context-Aware Prompt Injection against Mobile GUI Agents Via User-Generated Content

Mobile graphical user interface GUI agents driven by vision-language models VLMs perceive the screen as rendered pixels and choose actions from what they see, so they cannot reliably separate trusted interface elements from user-generated content. We present MIRAGE Mobile Injection of Realistic...

Packet Storm News•added 2026/05/27 12:0 a.m.•20 views

Relevance As a Vulnerability: How Web Retrieval Degrades Safety Alignment in LLM Agents

AI agents augment large language models with external tools such as web retrieval, enabling grounded and up-to-date responses. However, incorporating external content into the generation pipeline can weaken the safety alignment mechanisms that govern model outputs. Prior work shows that enabling...

Packet Storm News•added 2026/05/27 12:0 a.m.•8 views

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...

Packet Storm News•added 2026/05/27 12:0 a.m.•25 views

SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-Enabled Medical Devices

The growing integration of artificial intelligence AI and machine learning ML in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis...

Packet Storm News•added 2026/05/26 12:0 a.m.•9 views

BAIT: Boundary-Guided Disclosure Escalation Via Self-Conditioned Reasoning

In this work, we propose BAIT Boundary-Aware Iterative Trap, a three-step jailbreak framework that approaches malicious goals through internal disclosure. BAIT first asks the model to identify the protection boundary, then requires it to refine that boundary, and finally requests a detailed...

Packet Storm News•added 2026/05/26 12:0 a.m.•8 views

Disentangling Adversarial Prompts: A Semantic-Graph Defense for Robust LLM Security

Large Language Models LLMs are increasingly vulnerable to adversarial prompts that exploit semantic ambiguities to bypass safety mechanisms, resulting in harmful or inappropriate outputs. Such attacks, including jailbreaking and prompt injection, pose significant risks to the integrity and...

CNNVD•added 2026/05/26 12:0 a.m.•6 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...

6.3CVSS5.9AI score0.0022EPSS

Packet Storm News•added 2026/05/25 12:0 a.m.•8 views

Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures

The rapid evolution of large language model LLM-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such...

5.9AI score

Packet Storm News•added 2026/05/25 12:0 a.m.•8 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

GithubExploit•added 2026/05/24 11:38 a.m.•88 views

PwnGPT-Automation

PwnGPT Caputre the flag with Large Language Models. Constructe...

6AI score

Packet Storm News•added 2026/05/24 12:0 a.m.•10 views

APT-Agent: Automated Penetration Testing Using Large Language Models

Penetration testing is essential to securing modern web infrastructures, yet traditional manual methods struggle to keep pace with their scale and complexity. Large Language Models LLMs offer new opportunities for automating these tasks, but existing approaches face two persistent challenges:...

Packet Storm News•added 2026/05/23 12:0 a.m.•9 views

AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems

This paper examines the erosion of Public Key Cryptography PKC security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...