Lucene search
K

16733 matches found

The Hacker News
The Hacker News
added 7 hours ago12 views

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...

6.1AI score
Exploits0
OSV
OSV
added 7 hours ago3 views

OESA-2026-2869 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A...

9.8CVSS6.2AI score0.00595EPSS
Exploits2References46
Nuclei
Nuclei
added 10 hours ago16 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago12 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.1AI score0.03464EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago67 views

Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

9.8CVSS7.6AI score0.53394EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday28 views

libextractor-ole2-rce

Stack-Based Buffer Overflow in GNU libextractor ≤ 1.14 OLE2 P...

7AI score
Exploits0
GithubExploit
GithubExploit
added 3 days ago72 views

hf-model-provenance-scanner

hf-model-provenance-scanner !CIhttps://github.com/poojaki...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 3 days ago2 views

SUSE CVE-2026-53346

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIGUNWINDTABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...

5.8AI score0.00156EPSS
Exploits0References3
GithubExploit
GithubExploit
added 4 days ago43 views

vulconcern

vulconcern vulconcern is a local, read-only auditor for tam...

6.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 4 days ago9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)

Last week, there were 199 vulnerabilities disclosed in 169 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 111 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
Talos Blog
Talos Blog
added 4 days ago4 views

Catan and Mouse

Welcome to this week's edition of the Threat Source newsletter. " I do not know everything; still many things I understand." ― Madeleine L'Engle, A Wrinkle in Time " Don't try to comprehend with your mind. Your minds are very limited. Use your intuition." ― Madeleine L'Engle, A Wind in the Door T...

10CVSS6.2AI score0.0116EPSS
Exploits1
The Hacker News
The Hacker News
added 4 days ago7 views

Identity Lifecycle Management Wasn't Built for AI Agents 

Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that...

5.9AI score
Exploits0
OSV
OSV
added 4 days ago2 views

MAL-2026-6772 Malicious code in @marketfront/customdealsfeed (npm)

The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

UBUNTU-CVE-2026-53346

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIGUNWINDTABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...

5.7AI score0.00156EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 4 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-53346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust: arm64: set uwtable llvm module flag for CONFIGUNWINDTABLES Due to a rustc bug 1 the -Cforce- unwind-tables=y flag only emits the uwtable annotation for...

6AI score0.00156EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/customdealsfeed (npm)

The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
Imperva Blog
Imperva Blog
added 5 days ago4 views

Code Injection in Perforce Helix Core (CVE-2026-6902)

Executive Summary In this article, we disclose our latest findings we made on Perforce protocol P4 Helix Core between command line client and server, and reveal how a threat actor could leverage it to conduct attacks. This security issue affects P4 Helix Core before P4 Helix Core 2025.2 Patch 2,...

7.7CVSS6.4AI score0.00449EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9-IF0002 Vulnerability Details CVEID:CVE-2026-5598 DESCRIPTION: Covert timing channel vulnerability in Legion of the...

9.9CVSS7.1AI score0.00691EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 5 days ago9 views

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are...

9.8CVSS5.9AI score0.00638EPSS
Exploits0
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-53346

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIGUNWINDTABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...

5.7AI score0.00156EPSS
Exploits0References1
Rows per page
Query Builder