MAL-2026-3102 Malicious code in semantic_search_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...

Malicious code in semantic_search_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...

EUVD-2026-9988

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing...

PT-2026-23642

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This...

PT-2026-21331

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

SecureBERT 2.0: Advanced Language Model for Cybersecurity Intelligence

Effective analysis of cybersecurity and threat intelligence data demands language models that can interpret specialized terminology, complex document structures, and the interdependence of natural language and source code. Encoder-only transformer architectures provide efficient and robust...

CLIProv: a Contrastive Log-To-Intelligence Multimodal Approach for Threat Detection and Provenance Analysis

With the increasing complexity of cyberattacks, the proactive and forward-looking nature of threat intelligence has become more crucial for threat detection and provenance analysis. However, translating high-level attack patterns described in Tactics, Techniques, and Procedures TTP intelligence...

SAMEP: a Secure Protocol for Persistent Context Sharing across AI Agents

Current AI agent architectures suffer from ephemeral memory limitations, preventing effective collaboration and knowledge sharing across sessions and agent boundaries. We introduce SAMEP Secure Agent Memory Exchange Protocol, a novel framework that enables persistent, secure, and semantically...

pgai 信息泄露漏洞

pgai is a set of tools open-sourced by timescale to make it easier to develop RAG, semantic search, and other AI applications using PostgreSQL. An information disclosure vulnerability exists in pgai, which stems from a vulnerability that allows an attacker to steal all secrets in a workflow...

DECE Software Geodi Security Vulnerability

DECE Software Geodi is DECE Software's semantic search, GIS and discovery platform based on artificial intelligence and natural language processing. A security vulnerability exists in DECE Software Geodi versions prior to 8.0.0.27396 that stems from the presence of a behavioral workflow execution...

ROPGenerator - Tool That Helps You Building ROP Exploits By Finding And Chaining Gadgets Together

ROPGenerator is a tool that makes ROP exploits easy. It enables you to automatically find gadgets or build ROP chains. The current version supports x86 and x64 binaries. Overview ROPGenerator uses the tool ROPgadget https://github.com/JonathanSalwan/ROPgadget to extract gadgets from binaries and...

Ropper - Display Information About Files In Different File Formats And You Can Find Gadgets To Build Rop Chains For Different Architectures (X86/X86_64, ARM/ARM64, MIPS, PowerPC)

You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures x86/X8664, ARM/ARM64, MIPS/MIPS64, PowerPC. For disassembly ropper uses the awesome Capstone Framework. NOTE: I recommend to use th...