Lucene search
K

1051 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.4 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

5.3CVSS5.8AI score0.00084EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/25 5:6 a.m.8 views

Malicious code in facebookresearch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2532cd269873dbda78f99b9e22ab736c64c48ba32fa5c27deaf173fdbf33397 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/24 5:32 p.m.7 views

CLSA-2026-1774373385 Update of lkrg-kmod

Split RPM specs according to Fedora kmod packaging guidelines, one spec for kmod, one for userspace - Import modsign macros if requested by the module build - Make lkrg into a meta package which pulls lkrg-kmod and the systemd unit definition - Add lkrgtest module for testing and demonstrating...

5.8AI score
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/18 6:13 p.m.2 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

4.6AI score0.00238EPSS
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2025-208739

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

1.9CVSS5.8AI score0.00084EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 3:16 p.m.5 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

5.3CVSS0.00084EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 2:39 p.m.22 views

CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

1.9CVSS0.00084EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 2:39 p.m.11 views

CVE-2025-52645

CVE-2025-52645 — HCL AION : The vulnerability concerns model packaging and distribution that may lack sufficient authenticity verification, allowing unverified or modified model artifacts and potential integrity concerns or unintended behavior. Affected product: HCL AION (AI lifecycle management ...

5.3CVSS5.8AI score0.00084EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 7:53 p.m.7 views

.NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 10.0. This advisory also provides guidance on what developers can do to update their...

7.8CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software6
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.1 views

Advanced Python Payload Encryption Framework with Hybrid Cryptography Steganography and Anti‑Debugging

This Python program implements an advanced payload protection framework that combines multiple security and obfuscation techniques to encrypt, package, and distribute Python code. The framework supports hybrid encryption, multi‑key protection, anti‑debugging checks, and optional steganographic...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.5 views

PT-2026-23848

Name of the Vulnerable Software and Affected Versions dpkg-deb affected versions not specified Description The dpkg-deb component of the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. This can lead to a...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References30
CNVD
CNVD
added 2026/03/02 12:0 a.m.7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13379)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from local helper scripts following symbolic links when packaging skills, which can be exploited by an attacker to cause unintentional disclosure of local files...

4.6CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/02/28 12:44 p.m.13 views

OESA-2026-1443 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS7.2AI score0.02667EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/27 4:28 a.m.25 views

CVE-2026-1442 Unitree UPK files Hard-Coded Key

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

7.8CVSS0.00153EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 5:25 p.m.10 views

Security Bulletin: IBM Installation Manager is affected by a vulnerability in the IBM SDK Java Technology Edition.

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition Versions 8 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the...

9.8CVSS5.8AI score0.00491EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/22 1:25 p.m.7 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

4.6CVSS5.6AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/02/21 10:16 a.m.8 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

4.6CVSS0.00221EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/21 9:27 a.m.24 views

CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

4.6CVSS0.00221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/21 9:27 a.m.7 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

4.6CVSS5.7AI score0.00221EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/21 9:27 a.m.6 views

CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

4.6CVSS5.7AI score0.00221EPSS
Exploits0References7
Rows per page
Query Builder