Lucene search
+L

153 matches found

CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation vulnerability in the chat.send endpoint, allowing gatekeepers with write...

8.8CVSS5.8AI score0.00209EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2026/04/16 9:41 a.m.9 views

Human Trust of AI Agents

Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/08 7:21 p.m.5 views

GHSA-F292-66H9-FPMF PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

Stop Fixating on Prompts: Reasoning Hijacking and Constraint Tightening for Red-Teaming LLM Agents

With the widespread application of LLM-based agents across various domains, their complexity has introduced new security threats. Existing red-team methods mostly rely on modifying user prompts, which lack adaptability to new data and may impact the agent's performance. To address the challenge,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/06 6:55 p.m.121 views

VulnHive-AI

Pentest Agent AI-powered penetration testing agent using Clau...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/06 6:55 p.m.122 views

pentest-agent

Pentest Agent AI-powered penetration testing agent using Clau...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.6 views

Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning

Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.10 views

SecPI: Secure Code Generation with Reasoning Models Via Security Reasoning Internalization

Reasoning language models RLMs are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct applicati...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Automating Cloud Security and Forensics through a Secure-By-Design Generative AI Framework

As cloud environments become increasingly complex, cybersecurity and forensic investigations must evolve to meet emerging threats. Large Language Models LLMs have shown promise in automating log analysis and reasoning tasks, yet they remain vulnerable to prompt injection attacks and lack forensic...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/31 11:57 p.m.8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can persist verbose output for future sessions and expose additional internal reasoning or tool output by leveraging...

7.1CVSS5.9AI score0.00209EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/28 12:0 a.m.5 views

Red-MIRROR: Agentic LLM-Based Autonomous Penetration Testing with Reflective Verification and Knowledge-Augmented Interaction

Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause significant data breaches. While penetration testing is effective for identifying these weaknesses, traditional manual approaches are...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/28 12:0 a.m.41 views

Finding Memory Leaks in C/C++ Programs Via Neuro-Symbolic Augmented Static Analysis

Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.6 views

Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in Large Language Models

Large language models LLMs increasingly rely on explicit chain-of-thought CoT reasoning to solve complex tasks, yet the safety of the reasoning process itself remains largely unaddressed. Existing work on LLM safety focuses on content safety--detecting harmful, biased, or factually incorrect...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.16 views

STRIATUM-CTF: A Protocol-Driven Agentic Framework for General-Purpose CTF Solving

Large Language Models LLMs have demonstrated potential in code generation, yet they struggle with the multi-step, stateful reasoning required for offensive cybersecurity operations. Existing research often relies on static benchmarks that fail to capture the dynamic nature of real-world...

5.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/03/17 3:0 p.m.8 views

The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence

Key Takeaways AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.35 views

Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw

The rapid evolution of Large Language Models LLMs into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/10 7:34 a.m.122 views

pentesting-writeups

🔐 Pentesting Writeups Personal penetration testing document...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.5 views

OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security

DARPA's AI Cyber Challenge AIxCC showed that cyber reasoning systems CRSs can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/05 9:26 p.m.162 views

BDO-Ontology

🧠 OntologyLab !Python 3.11+https://img.shields.io/badge/P...

5.9AI score
Exploits0
Rows per page
Query Builder