Lucene search
K

230 matches found

RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-58203

A flaw was found in the pydantic-settings component. When configured to handle nested secrets, this vulnerability allows an attacker to read sensitive files from outside the designated secrets directory. By placing a specially crafted symbolic link within the secrets directory, an attacker can...

5.3CVSS5.9AI score0.00138EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/09 12:0 a.m.6 views

Security update for transmission (moderate)

openSUSE Security Update: Security update for transmission Announcement ID: openSUSE-SU-2026:0237-1 Rating: moderate References: 1267404 Cross-References: CVE-2026-38978 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.3CVSS6.1AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-10706

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

7.5CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 2:6 p.m.6 views

EUVD-2026-42277

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

5.9AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56454

Name of the Vulnerable Software and Affected Versions Adalo versions 1 through 2 Description Attackers can extract complete user records and correlate user behavior across multiple applications through the enumeration of the dbId variable. This occurs because the platform lacks data minimization,...

7.5CVSS6AI score0.00303EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 8:32 a.m.3 views

OPENSUSE-SU-2026:21189-1 Security update for transmission

This update for transmission fixes the following issues: Changes in transmission: - CVE-2026-38978: add clickjack safeguards when serving http responses bsc1267404...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

7.1CVSS5.8AI score0.00274EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:13 p.m.10 views

Malicious code in @bytemend/mfebus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...

6AI score
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/10 7:37 a.m.11 views

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the...

8.8CVSS6.6AI score0.01915EPSS
Exploits3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

MCP Security 代码问题漏洞

MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References1
hivepro
hivepro
added 2026/05/15 6:26 a.m.16 views

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/13 3:17 p.m.2 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS6.3AI score0.0068EPSS
Exploits0References50
Vulnrichment
Vulnrichment
added 2026/05/13 3:17 p.m.9 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.11 views

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.20 views

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:32 p.m.10 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 4:9 p.m.20 views

CVE-2026-35376

A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...

5.8CVSS5.8AI score0.00088EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00166EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34499

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...

5.6CVSS6AI score0.00166EPSS
Exploits1References12
The Hacker News
The Hacker News
added 2026/04/15 4:30 a.m.19 views

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI on Tuesday unveiled GPT-5.4-Cyber , a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible...

5.8AI score
Exploits0
Rows per page
Query Builder