CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•5 views

EUVD-2026-36002

8.4CVSS5.4AI score0.00012EPSS

Exploits0References1

Positive Technologies•added yesterday•7 views

PT-2026-48400

5.4AI score0.00012EPSS

Packet Storm News•added 3 days ago•3 views

State of Agentic AI Security and Governance

An OWASP white paper analyzing the security, governance, and risk management considerations surrounding agentic AI systems, including autonomous decision-making, tool access, prompt injection, data protection, and organizational oversight. This is version 2.01...

5.5AI score

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability allows authenticated users with existing organizational membership to exploit it by accessing user-facing APIs or requesting OpenID Connect...

4.3CVSS5.8AI score0.00025EPSS

Packet Storm News•added 2026/05/22 12:0 a.m.•11 views

Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

Packet Storm News•added 2026/05/21 12:0 a.m.•5 views

From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness

AI coding assistants are now central to professional software development, yet their impact on how developers think about and practice security remains poorly understood. While prior work has documented vulnerability rates in AI-generated code, a more fundamental question persists: how do these...

5.9AI score

Packet Storm News•added 2026/05/18 12:0 a.m.•7 views

Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

Packet Storm News•added 2026/05/11 12:0 a.m.•7 views

Cybercrime and Prevention: Colonel Blotto in Social Engineering

Cybercriminals increasingly target the human factor rather than continuously advancing technological defense mechanisms. Consequently, institutions that allocate substantial resources to strengthening their cybersecurity infrastructure may remain vulnerable if a deceived employee voluntarily...

Packet Storm News•added 2026/05/08 12:0 a.m.•5 views

SL5 Standard for AI Security

Security Level 5 SL5 is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology...

Snyk•added 2026/05/04 12:1 a.m.•1 views

Malicious Package

Overview @taxmoninor/taxmon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Packet Storm News•added 2026/04/22 12:0 a.m.•5 views

CVEs with a CVSS Score Greater Than or Equal to 9

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage from cyberattacks. This paper provides a thorough analysis...

Snyk•added 2026/04/21 1:17 a.m.•3 views

Malicious Package

Overview apple-cloudkit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.7AI score

Trend Micro Simply Security•added 2026/04/21 12:0 a.m.•12 views

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply...

Packet Storm News•added 2026/04/11 12:0 a.m.•2 views

Organizational Security Resource Estimation Via Vulnerability Queueing

We provide an approach that closely estimates an organization's cyber resources directly from vulnerability timestamps, using a non-stationary queueing framework. Traditional attack-surface metrics operate on static snapshots, ignoring the core attack-defense dynamics within information systems,...

Microsoft Secure•added 2026/03/24 5:0 p.m.•5 views

Governing AI agent behavior: Aligning user, developer, role, and organizational intent

AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers...

5.9AI score