Lucene search
+L

708 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

JunoClaw 操作系统命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 3:29 p.m.4 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper verification of UE Security Capabilities in the PathSwitchRequest messages. An attacker can alter stored security capabilities for any user equipment by sending a crafte...

6.1CVSS5.3AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.21 views

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.15 views

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/24 3:16 p.m.8 views

CVE-2026-31634

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...

5.5CVSS0.00129EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.39 views

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...

0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/04/14 3:13 p.m.16 views

CVE-2026-2404

CVE-2026-2404 describes an input handling flaw (CWE-116) where improper encoding/escaping of output can lead to log injection and forged logs when an attacker alters the POST /j_security check request payload. The description confirms a network-exposed vector (AV:N) with no user interaction requi...

6.9CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/08 3:4 p.m.7 views

Improperly Implemented Security Check for Standard

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the sortnatural and sort filters, which bypass the iownPropertyOnly security...

8.7CVSS5.8AI score0.00403EPSS
Exploits1References2
CVE
CVE
added 2026/04/06 7:9 p.m.14 views

CVE-2026-35181

CVE-2026-35181 affects WWBN AVideo prior to 29.x. The endpoint admin/playerUpdate.json.php does not validate CSRF tokens, and the ORM security check excludes the plugins table via ignoreTableSecurityCheck(), removing the remaining defense. Coupled with SameSite=None cookies, an authenticated admi...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30285

Severity: Medium CWE: CWE-352 Cross-Site Request Forgery Summary The player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing the only...

4.3CVSS6AI score0.00134EPSS
Exploits1References4
OSV
OSV
added 2026/04/01 8:54 p.m.8 views

GHSA-HQXF-MHFW-RC44 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

6.5CVSS6AI score0.00201EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2026-1361)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00129EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.10 views

Fedora: Security Advisory (FEDORA-2026-88c901f6a2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References3
Huntr
Huntr
added 2026/03/05 1:20 p.m.8 views

NLTK Data Module - Arbitrary File Read via Dead Security Check

This report is not public...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/03/04 9:30 p.m.2 views

Improperly Implemented Security Check for Standard

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the alwayschecksafety function. An attacker can execute arbitrary code by supplying a malicious pickle payload...

10CVSS6.1AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/02 8:1 a.m.26 views

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a security check before reading the DMA buffer. This vulnerability may lead to null pointer...

5.5CVSS6AI score0.001EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/09 6:23 p.m.4 views

Improperly Implemented Security Check for Standard

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper verification if an Identity Provider IdP i...

8.8CVSS5.6AI score0.00449EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/07 1:13 p.m.6 views

CVE-2026-24931

Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.9CVSS5.2AI score0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 9:15 a.m.5 views

CVE-2026-24931

Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS5.8AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder