
79241 matches found

Redos
added 2026/05/24 12:0 a.m. | 9 views

ROS-20260524-73-0058

Vulnerability in golang-x-crypto related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

5.9 CVSS | 6.9 AI score | 0.03437 EPSS
Exploits: 0

GithubExploit
added 2026/05/16 12:37 p.m. | 99 views

Exploit for Server-Side Request Forgery in Apache Axis

Axis1.4 CVE-2019-0227 Remote Command Execution Vulnerability E...

7.5 CVSS | 7.3 AI score | 0.86503 EPSS
Exploits: 7

Packet Storm News
added 2026/05/13 12:0 a.m. | 68 views

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

6.4 AI score
Exploits: 0

OSV
added 2026/05/12 7:44 a.m. | 5 views

MAL-2026-3666 Malicious code in 01-0redi7qgbz0uv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d the analysis found that this package has a garbage randomized name '01-0redi7qgbz0uv', empty description, placeholder test script, and an index.js th...

5.9 AI score
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/08 3:5 p.m. | 6 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm News
added 2026/04/22 12:0 a.m. | 10 views

Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...

5.8 AI score
Exploits: 0

Talos Blog
added 2026/04/16 10:0 a.m. | 7 views

PowMix botnet targets Czech workforce

Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call "PowMix." PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent...

6.5 AI score
Exploits: 0

Vulnrichment
added 2026/03/21 12:42 a.m. | 5 views

CVE-2026-32053 OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...

6.9 CVSS | 5.8 AI score | 0.00337 EPSS
Exploits: 0 | References: 3

CVE
added 2026/03/21 12:42 a.m. | 16 views

CVE-2026-32053

CVE-2026-32053 affects OpenClaw versions prior to 2026.2.23. The root cause is a flaw in Twilio webhook event deduplication, where normalized event IDs are randomized per parse, allowing replayed webhook events to bypass dedupe checks. This can cause duplicate or stale call-state transitions, lea...

6.9 CVSS | 5.8 AI score | 0.00337 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/03 7:16 p.m. | 2 views

GHSA-VQX8-9XXW-F2M7 OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse

Impact Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event could be treated as new and trigger duplicate or stale call-state transitions. Affected Packages / Versions - Package: openclaw npm - Vulnerable...

6.9 CVSS | 5.9 AI score | 0.00337 EPSS
Exploits: 0 | References: 5

Packet Storm News
added 2026/02/26 12:0 a.m. | 3 views

RandSet: Randomized Corpus Reduction for Fuzzing Seed Scheduling

Seed explosion is a fundamental problem in fuzzing seed scheduling, where a fuzzer maintains a huge corpus and fails to choose promising seeds. Existing works focus on seed prioritization but still suffer from seed explosion since corpus size remains huge. We tackle this from a new perspective:...

5.9 AI score
Exploits: 0

Packet Storm News
added 2026/01/30 12:0 a.m. | 6 views

RPP: A Certified Poisoned-Sample Detection Framework for Backdoor Attacks under Dataset Imbalance

Deep neural networks are highly susceptible to backdoor attacks, yet most defense methods to date rely on balanced data, overlooking the pervasive class imbalance in real-world scenarios that can amplify backdoor threats. This paper presents the first in-depth investigation of how the dataset...

5.3 AI score
Exploits: 0

Packet Storm News
added 2025/12/23 12:0 a.m. | 7 views

SemCovert: Secure and Covert Video Transmission Via Deep Semantic-Level Hiding

Video semantic communication, praised for its transmission efficiency, still faces critical challenges related to privacy leakage. Traditional security techniques like steganography and encryption are challenging to apply since they are not inherently robust against semantic-level transformations...

6.9 AI score
Exploits: 0

CNNVD
added 2025/12/04 12:0 a.m. | 4 views

WordPress plugin WebP Express information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...

5.3 CVSS | 5.6 AI score | 0.00266 EPSS
Exploits: 0 | References: 2

Packet Storm News
added 2025/11/17 12:0 a.m. | 7 views

Randomized Controlled Trials for Phishing Triage Agent

Security operations centers (SOCs) face a persistent challenge: efficiently triaging a high volume of user-reported phishing emails while maintaining robust protection against threats. This paper presents the first randomized controlled trial (RCT) evaluating the impact of a domain-specific AI agent ...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2025/11/16 12:0 a.m. | 4 views

Fedora 43 : bind9-next (2025-b68f7f541d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b68f7f541d advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

8.6 CVSS | 6.7 AI score | 0.1096 EPSS
Exploits: 1 | References: 4

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 5 views

Malicious code in isostasy-loopback-docusaurus-inflation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 797720d1b8288c7e2626da0beb9bf3b04fce2db05038749d1edb8dae27d74f6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 6 views

Malicious code in zeta-beta-secure-secure-load (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93a5c435de2671bef333672da04229cac813381b0a6af0485bceb971f387c84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 8 views

Malicious code in nextjs-shelljs-centaurus-singularity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55363b3a5905f100f53657d0b726caa73dfb097b64c18ebd0409751dc343854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 7 views

Malicious code in table-old-sun-await-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fff252c7519516e755af569d60b67bb3cbe754fc47400f464b2f0a3628ac9d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0