Lucene search
K

37 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Security policy violation events could have revealed cross-origin information due to violations of frame-ancestor rules. This vulnerability affects Firefox ESR versions earlier than 91.5, Firefox versions earlier than 96, and Thunderbird versions earlier than 91.5...

6.5CVSS6.6AI score0.00646EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 6:17 a.m.4 views

ALPINE-CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.8AI score0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 2:56 a.m.11 views

EUVD-2026-37976

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.12 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.28 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.5AI score
Exploits0
NVD
NVD
added 2026/06/04 6:16 a.m.11 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

libexpat 资源管理错误漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.2 contained a resource management vulnerability. This vulnerability stemmed from insufficient deep tracking during the processing of policy violations, where calls to functions such as...

5.9CVSS5.3AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.8 views

LoLLMs 授权问题漏洞

LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI. Versions of LoLLMs 2.2.0 and earlier contained an authorization vulnerability. This vulnerability stemmed from the lack of mandatory authentication for the/api/files/extract-text endpoint, which could lead to...

9.8CVSS7.1AI score0.0043EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/07/28 12:0 a.m.2 views

Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition

Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to follow deployment policies in realistic environments, especially under attack? To investigate, we...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.4 views

SOSBENCH: Benchmarking Safety Alignment on Scientific Knowledge

Large language models LLMs exhibit advancing capabilities in complex tasks, such as reasoning and graduate-level question answering, yet their resilience against misuse, particularly involving scientifically sophisticated risks, remains underexplored. Existing safety benchmarks typically focus...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 12:48 p.m.16 views

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and block...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/10/29 2:0 p.m.9 views

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Introduction Organizations often rely on a layered defense strategy, yet breaches still occur, slipping past multiple levels of protection unnoticed. This is where compromise assessment enters the game. The primary objective of these services is risk reduction. They help discover active...

7.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/01 9:3 a.m.27 views

Moderate: Red Hat Security Advisory: RHACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

7.5CVSS6.7AI score0.00812EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/04/29 5:7 p.m.15 views

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/12/13 1:49 p.m.13 views

Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?

Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/23 1:0 p.m.13 views

SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository

Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/27 12:9 p.m.18 views

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/01/12 12:8 p.m.2 views

Mozilla: Leaking cross-origin URLs through securitypolicyviolation event

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations...

6.5CVSS7.3AI score0.00646EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2021/11/19 3:0 p.m.18 views

Make Room for Cloud Security in Your 2022 Budget

Are you thinking about cloud security when making your 2022 budget? You should be. Cloud is the key to innovation and business transformation. It can make life so much easier. The cloud enables companies to expand their products or services, rapidly develop new products, and reach new customers. ...

6.7AI score
Exploits0
Rows per page
Query Builder