Lucene search
+L

27 matches found

OSV
OSV
added 2026/06/18 9:9 p.m.14 views

GHSA-3PRJ-6HQW-CM82 PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...

8.7CVSS5.6AI score
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in openjpeg2

Integer overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS attack. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

5.5CVSS7AI score0.0156EPSS
Exploits1References2
Wordfence Blog
Wordfence Blog
added 2026/05/12 9:19 p.m.12 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:12 a.m.1 views

CVE-2026-4400

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS6AI score0.00209EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:10 a.m.28 views

CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

8.7CVSS0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

1millionbot Millie chatbot 安全漏洞

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot. This vulnerability stems from the API endpoint at...

7CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

1millionbot Millie chatbot 安全漏洞

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...

8.7CVSS5.8AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25401

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References8
HackRead
HackRead
added 2026/02/27 7:1 p.m.6 views

ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen

ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.7 views

True Random Number Generators on IQM Spark

Random number generation is fundamental for many modern applications including cryptography, simulations and machine learning. Traditional pseudo-random numbers may offer statistical unpredictability, but are ultimately deterministic. On the other hand, True Random Number Generation TRNG offers...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2025/11/14 9:4 a.m.17 views

Cosmos: Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation

Summary of Impact This vulnerability allows an attacker to bypass the relayer's simulation defense and force permissionless relayers to execute computationally expensive, but 'successful', transactions via the memo callback feature. This creates an asymmetric economic attack where the relayer's...

6.7AI score
Exploits0
HackRead
HackRead
added 2025/08/27 7:45 p.m.3 views

Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites

Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/08/19 4:14 p.m.10 views

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

Nearly a million records, which appear to be linked to a medical-cannabis-card company in Ohio, included Social Security numbers, government IDs, health conditions, and more...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/07 12:0 a.m.5 views

Evaluating the Critical Risks of Amazon'S Nova Premier under the Frontier Model Safety Framework

Nova Premier is Amazon's most capable multimodal foundation model and teacher for model distillation. It processes text, images, and video with a one-million-token context window, enabling analysis of large codebases, 400-page documents, and 90-minute videos in a single prompt. We present the fir...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/24 12:0 a.m.6 views

LAMDA: a Longitudinal Android Malware Benchmark for Concept Drift Analysis

Machine learning ML-based malware detection systems often fail to account for the dynamic nature of real-world training and test data distributions. In practice, these distributions evolve due to frequent changes in the Android ecosystem, adversarial development of new malware families, and the...

7.1AI score
Exploits0
NVD
NVD
added 2024/09/10 4:15 p.m.34 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

7.5CVSS0.0078EPSS
Exploits1References3
OSV
OSV
added 2024/09/10 3:19 p.m.26 views

CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

5.3CVSS6.6AI score0.0078EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29338

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

3.3CVSS9.4AI score0.0156EPSS
Exploits1References6
OSV
OSV
added 2021/04/14 2:15 p.m.5 views

ALPINE-CVE-2021-29338

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

5.5CVSS7.1AI score0.0156EPSS
Exploits1References1
OSV
OSV
added 2021/04/14 2:15 p.m.6 views

AZL-44442 CVE-2021-29338 affecting package openjpeg2 2.3.1-12

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

5.5CVSS6.8AI score0.0156EPSS
Exploits1References1
Rows per page
Query Builder