Lucene search
K

279 matches found

OSV
OSV
added 2026/06/26 10:49 p.m.3 views

GHSA-M34P-749J-X6M6 js-toml has silent type confusion via falsy-primitive duplicate-key bypass

Summary js-toml's interpreter checks whether a key already exists in a parser-built container with if objectkey instead of if key in object. When the prior value is a falsy primitive — false, 0, 0n, 0.0, -0, or "" — the duplicate-key branch is skipped and the value is silently overwritten by a...

5.3CVSS5.8AI score
Exploits0References2
Fedora
Fedora
added 2026/06/23 1:9 a.m.8 views

[SECURITY] Fedora 44 Update: thorvg-1.0.6-1.fc44

ThorVG is an open-source graphics library designed for creating vector-based scenes and animations. It combines immense power with remarkable lightweight efficiency, as Thor embodies a dual meaning=E2=80=94symbolizing both thundero us strength and lightning-fast agility. Embracing the philosophy ...

4.3CVSS5.8AI score0.00235EPSS
Exploits0
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Unprotected Transport of Credentials

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Unprotected Transport of Credentials through the...

9.1CVSS5.9AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.5 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature vi...

10CVSS5.9AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:47 p.m.9 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiati...

6.9CVSS5.8AI score0.00157EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:47 p.m.6 views

Insufficient Session Expiration

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...

8.2CVSS5.9AI score0.00268EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.2CVSS5.9AI score0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.9 views

CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...

7.5CVSS5.2AI score0.00339EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:47 p.m.25 views

CVE-2026-46545

Summary: CVE-2026-46545 affects the Nimiq core-rs-albatross project (MerkleRadixTrie::put_chunk) and causes a remote, unauthenticated denial-of-service by a malicious state-sync peer sending a ROOT-keyed item in a ResponseChunk; upon put_raw attempting to store at the root, it panics with RootCan...

7.5CVSS5.4AI score0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:44 p.m.35 views

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS0.0015EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:44 p.m.23 views

CVE-2026-46539

CVE-2026-46539 affects Nimiq (Rust, Albatross-based PoS). Prior to 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven returns true without cryptographic verification when get_interlink_hops yields an empty hop list, specifically for the target block at the election block position immedia...

5.9CVSS5.4AI score0.0015EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.28 views

ExploitBench AI Exploit Benchmark Tool

ExploitBench measures how far AI agents climb, from reaching vulnerable code, to triggering the bug, to building exploit primitives, to arbitrary code execution...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/30 6:16 p.m.137 views

cyanide

Cyanide By @zeroxjf — an iOS...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.30 views

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Open agent platforms allow community contributors to publish reusable skills that agents can invoke at runtime. This extensibility also creates a supply-chain risk: malicious contributors can hide harmful behavior inside skills that appear benign under superficial inspection. However, existing...

5.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/21 7:50 p.m.7 views

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +15 more potentially affected by CVE-2026-46545 via nimiq-primitives (>=0.1.0 <=0.2.0)

nimiq-primitives CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-46545 Source advisory: OSV:GHSA-MW3Q-R9WH-H2FF...

7.5CVSS5.5AI score0.00339EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/21 7:38 p.m.7 views

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +15 more potentially affected by CVE-2026-46539 via nimiq-primitives (>=0.1.0 <=0.2.0)

nimiq-primitives CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-46539 Source advisory: OSV:GHSA-799F-29JM-GR6C...

5.9CVSS5.5AI score0.0015EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.96 views

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

6.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.13 views

SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

10CVSS6.1AI score0.00472EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39892

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.9.6 Description Sandbox-defined functions expose the Function.caller property, which allows sandboxed code to recover the internal LispType.Call runtime callback. An attacker can invoke this callback using forged...

10CVSS6.1AI score0.00472EPSS
Exploits1References12
Fedora
Fedora
added 2026/04/25 1:55 a.m.5 views

[SECURITY] Fedora 44 Update: python-cryptography-46.0.7-1.fc44

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

9.8CVSS4.5AI score0.00652EPSS
Exploits0
Rows per page
Query Builder