CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/10 12:0 a.m.•2 views

MonitoringBench: Semi-Automated Red-Teaming for Agent Monitoring

We introduce a red-teaming methodology that exposes harder-to-catch attacks for coding-agent monitors, suggesting that current practices may under-elicit attacks and overstate monitor performance. We identify three challenges with current red-teaming. First, mode collapse in attack generation,...

5.9AI score

RedhatCVE•added 2026/04/25 7:22 a.m.•2 views

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

9.3CVSS5.3AI score0.00019EPSS

NVD•added 2026/04/23 2:16 a.m.•1 views

CVE-2026-41197

9.3CVSS0.00019EPSS

Vulnrichment•added 2026/04/23 12:35 a.m.•1 views

CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays

9.3CVSS5.7AI score0.00019EPSS

CVE•added 2026/04/23 12:35 a.m.•7 views

CVE-2026-41197

CVE-2026-41197 concerns Brillig/Noir: a bug in allocate_foreign_call_result_array when handling nested arrays (e.g., [(u32,u32);3]) during foreign calls. The code discards inner element types and uses the semantic length of the nested array, yielding under-allocation of semi-flattened size for co...

9.3CVSS5.7AI score0.00019EPSS

Cvelist•added 2026/04/23 12:35 a.m.•34 views

CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays

9.3CVSS0.00019EPSS

Positive Technologies•added 2026/04/21 12:0 a.m.•1 views

PT-2026-34235

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile block. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

9.3CVSS5.8AI score0.00019EPSS

Exploits0References7

Packet Storm News•added 2026/04/17 12:0 a.m.•3 views

A Practical Semi-Quantum Signature Protocol with Improved Eavesdropping Detection

Semi-quantum signature SQS schemes aim to enable quantum signature functionality in scenarios where only a subset of participants possess full quantum capabilities, thereby improving practical deployability while preserving quantum security advantages. Within this framework, we present a practica...

5.8AI score

Packet Storm News•added 2026/03/30 12:0 a.m.•0 views

Label-Efficient Training Updates for Malware Detection over Time

Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...

5.9AI score

PyPA•added 2026/03/12 5:16 p.m.•7 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00044EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/12 5:0 p.m.•21 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

7.7CVSS0.00044EPSS

OSV•added 2026/03/12 5:0 p.m.•3 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

7.7CVSS5.9AI score0.00044EPSS

Exploits0References3

Vulnrichment•added 2026/03/12 5:0 p.m.•1 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

7.7CVSS5.8AI score0.00044EPSS

EUVD•added 2026/03/12 5:0 p.m.•1 views

EUVD-2026-11599

7.7CVSS5.8AI score0.00044EPSS

Positive Technologies•added 2026/03/12 12:0 a.m.•3 views

PT-2026-25009

7.7CVSS5.8AI score0.00044EPSS

Snyk•added 2026/03/06 7:14 a.m.•2 views

Malicious Package

Overview @douinfe/semi-icons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

Packet Storm News•added 2026/03/03 12:0 a.m.•3 views

Gravity Falls: A Comparative Analysis of Domain-Generation Algorithm (DGA) Detection Methods for Mobile Device Spearphishing

Mobile devices are frequent targets of eCrime threat actors through SMS spearphishing smishing links that leverage Domain Generation Algorithms DGA to rotate hostile infrastructure. Despite this, DGA research and evaluation largely emphasize malware C2 and email phishing datasets, leaving limited...

6AI score

Packet Storm News•added 2026/02/09 12:0 a.m.•1 views

Exploring Semantic Labeling Strategies for Third-Party Cybersecurity Risk Assessment Questionnaires

Third-Party Risk Assessment TPRA is a core cybersecurity practice for evaluating suppliers against standards such as ISO/IEC 27001 and NIST. TPRA questionnaires are typically drawn from large repositories of security and compliance questions, yet tailoring assessments to organizational needs...

5.5AI score

Packet Storm News•added 2026/02/05 12:0 a.m.•2 views

Semi-Device-Independent Quantum Random Number Generator Resistant to General Attacks

Quantum random number generators QRNGs produce true random numbers based on the inherent randomness of quantum theory, rendering them a foundational segment of quantum cryptography. Distinguished from trusted-device QRNGs whose security depends on characterized devices, semi-device-independent...

5.5AI score