Lucene search
K

804 matches found

Imperva Blog
Imperva Blog
added 2026/05/06 9:39 a.m.9 views

API Security Operations: How to Move from Visibility to Measurable Risk Reduction

A five-level operating model for turning API security visibility into measurable risk reduction, faster remediation, and confident digital growth — without slowing development. What is API security operationalization? API security operationalization is the process of converting API discovery and...

5.9AI score
Exploits0
NVD
NVD
added 2026/05/05 8:16 p.m.8 views

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

5.3CVSS0.00091EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:33 p.m.8 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 7:33 p.m.7 views

EUVD-2026-27466

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References1
CVE
CVE
added 2026/05/05 7:33 p.m.16 views

CVE-2026-34527

CVE-2026-34527 affects Sandboxie-Plus for Windows (versions 1.17.2 and earlier). The vulnerability arises in SbieIniServer::HashPassword, where the high nibble of each SHA-1 digest byte is extracted incorrectly (shifted by 8 instead of 4). This causes the stored EditPassword hash to preserve only...

5.3CVSS5.7AI score0.00091EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/05 7:33 p.m.30 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS0.00091EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/05 8:25 a.m.90 views

Automation-Exploit-Legacy

Automation-Exploit Legacy Prototype This repository contain...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus prior to 1.17.2 contained a security vulnerability. This vulnerability stemmed from the HashPassword function, which incorrectly shifted the high half-bits 8 positions to the right instead o...

5.3CVSS5.8AI score0.00091EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37230

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/05/01 10:30 a.m.7 views

Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 20301, with cybersecurity being the fastest-growing sector2. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.8 views

How Code Representation Shapes False-Positive Dynamics in Cross-Language LLM Vulnerability Detection

How code representation format shapes false positive behaviour in cross-language LLM vulnerability detection remains poorly understood. We systematically vary training intensity and code representation format, comparing raw source text with pruned Abstract Syntax Trees at both training time and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 11:30 a.m.9 views

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires contex...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.8 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/04/27 12:0 p.m.11 views

AVX2 Implementation Did Not Fully Reduce Intermediate Values

The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact We are not aware of inputs to the public key generation, signing or...

5.8AI score
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.10 views

Machine-Checked Cardinality Bounds for Masked Barrett Reduction: A 1-Bit Side-Channel Leakage Barrier in Post-Quantum Cryptographic Hardware

Barrett reduction is the nonlinear core of every practical NTT-based post-quantum cryptography implementation. Existing composition frameworks ISW, t-SNI, PINI, DOM address Boolean masking over GF2; none provides a machine-checked characterization of Barrett's leakage under first-order arithmetic...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.8 views

RowHammer Vulnerability Counter (RVC): Redefining RowHammer Detection with Victim-Centric Tracking

The Rowhammer vulnerability poses an increasing challenge with newer generations of DRAM and aggressive technology scaling. Existing mitigation techniques, such as Graphene, Twice, and Hydra, primarily rely on tracking activation counts for each row and issuing refreshes when a row reaches a...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/26 12:0 a.m.7 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014347 advisory. In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdi...

7.8CVSS6.6AI score0.00275EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

Scalable and Verifiable Federated Learning for Cross-Institution Financial Fraud Detection

The global financial ecosystem confronts a critical asymmetry: while fraud syndicates operate as borderless, distributed networks, banking institutions remain constrained by regulatory data silos, limiting visibility into cross-institutional threat patterns under strict privacy laws such as GDPR...

5.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/04/22 5:12 p.m.27 views

Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today

Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly QID 92382 TruRisk...

5.7AI score
Exploits0
Rows per page
Query Builder