Lucene search
K

42 matches found

Nuclei
Nuclei
added yesterday38 views

Flatpress < v1.2.1 - Cross Site Scripting

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...

5.4CVSS6AI score0.01431EPSS
Exploits1References3
OSV
OSV
added 2026/05/20 7:7 p.m.11 views

GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

7.7CVSS7.3AI score0.00318EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42366

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

7.7CVSS7.3AI score0.00318EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/10 9:10 p.m.4 views

Missing Write Protection for Parametric Data Values

Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...

7.7CVSS5.8AI score0.00318EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 9:10 p.m.4 views

Missing Write Protection for Parametric Data Values

Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...

7.7CVSS8.4AI score0.00318EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/10 8:0 p.m.2 views

EUVD-2026-21589

goshs is Missing Write Protection for Parametric Data Values...

7.7CVSS5.8AI score0.00318EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.4 views

Secure Retrieval-Augmented Generation against Poisoning Attacks

Large language models LLMs have transformed natural language processing NLP, enabling applications from content generation to decision support. Retrieval-Augmented Generation RAG improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.9 views

Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS6.9AI score0.0046EPSS
Exploits0References6Affected Software1
Packet Storm News
Packet Storm News
added 2025/08/16 12:0 a.m.3 views

Mitigating Jailbreaks with Intent-Aware LLMs

Despite extensive safety-tuning, large language models LLMs remain vulnerable to jailbreak attacks via adversarially crafted instructions, reflecting a persistent trade-off between safety and task performance. In this work, we propose Intent-FT, a simple and lightweight fine-tuning approach that...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/14 12:0 a.m.4 views

Optimal Debiased Inference on Privatized Data Via Indirect Estimation and Parametric Bootstrap

We design a debiased parametric bootstrap framework for statistical inference from differentially private data. Existing usage of the parametric bootstrap on privatized data ignored or avoided handling the effect of clamping, a technique employed by the majority of privacy mechanisms. Ignoring th...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.7 views

Towards Reliable Forgetting: a Survey on Machine Unlearning Verification, Challenges, and Future Directions

With growing demands for privacy protection, security, and legal compliance e.g., GDPR, machine unlearning has emerged as a critical technique for ensuring the controllability and regulatory alignment of machine learning models. However, a fundamental challenge in this field lies in effectively...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/05 12:0 a.m.6 views

The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer in memory during the processing of AR format files. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS7.8AI score0.00229EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2025/04/28 12:0 a.m.2 views

SILENT: a New Lens on Statistics in Software Timing Side Channels

Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown 42, Spectre 37, and Hertzbleed 70 have challenged our understanding of what it means for...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.5 views

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its ability to read data beyond the acceptable range of memory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the ability to read data beyond the acceptable range in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.7AI score0.003EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.7 views

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.7AI score0.0026EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.17 views

The vulnerability of Cobalt Ashlar-Vellum’s software-based parametric automated design and 3D modeling capabilities lies in its ability to exploit memory after release, allowing an attacker to execute arbitrary code.

The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in its ability to exploit memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.6AI score0.0029EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.8 views

The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.6AI score0.0026EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.7 views

The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in buffer overflow attacks in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS8AI score0.00264EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.5 views

The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.9AI score0.0026EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.7 views

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in errors related to data type mixing, allowing a hacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to errors in data type mixing. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8CVSS7.6AI score0.0026EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder