27 matches found
GHSA-3PRJ-6HQW-CM82 PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...
Astra Linux – Vulnerability in openjpeg2
Integer overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS attack. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin
On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...
CVE-2026-4400
Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...
CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
1millionbot Millie chatbot 安全漏洞
1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot. This vulnerability stems from the API endpoint at...
1millionbot Millie chatbot 安全漏洞
1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...
PT-2026-25401
Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...
ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen
ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach...
True Random Number Generators on IQM Spark
Random number generation is fundamental for many modern applications including cryptography, simulations and machine learning. Traditional pseudo-random numbers may offer statistical unpredictability, but are ultimately deterministic. On the other hand, True Random Number Generation TRNG offers...
Cosmos: Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation
Summary of Impact This vulnerability allows an attacker to bypass the relayer's simulation defense and force permissionless relayers to execute computationally expensive, but 'successful', transactions via the memo callback feature. This creates an asymmetric economic attack where the relayer's...
Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites
Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…...
Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database
Nearly a million records, which appear to be linked to a medical-cannabis-card company in Ohio, included Social Security numbers, government IDs, health conditions, and more...
Evaluating the Critical Risks of Amazon'S Nova Premier under the Frontier Model Safety Framework
Nova Premier is Amazon's most capable multimodal foundation model and teacher for model distillation. It processes text, images, and video with a one-million-token context window, enabling analysis of large codebases, 400-page documents, and 90-minute videos in a single prompt. We present the fir...
LAMDA: a Longitudinal Android Malware Benchmark for Concept Drift Analysis
Machine learning ML-based malware detection systems often fail to account for the dynamic nature of real-world training and test data distributions. In practice, these distributions evolve due to frequent changes in the Android ecosystem, adversarial development of new malware families, and the...
CVE-2024-45412
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
SUSE CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
ALPINE-CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
AZL-44442 CVE-2021-29338 affecting package openjpeg2 2.3.1-12
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...