Lucene search
K

35 matches found

NVD
NVD
added 2026/06/19 9:17 p.m.8 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/06/19 8:9 p.m.24 views

CVE-2026-49295

CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/06/16 6:59 p.m.17 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

7.7CVSS5.3AI score0.0026EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/01 11:17 p.m.8 views

CVE-2026-31773

A flaw was found in the Linux kernel's Bluetooth Security Manager Protocol SMP. The system incorrectly labels a Short Term Key STK as authenticated during legacy pairing, even when Man-in-the-Middle MITM protection was not established. This misrepresentation of the key's authentication status cou...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.7 views

CVE-2026-31773

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...

8.8CVSS5.7AI score0.00282EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 2:15 p.m.5 views

CVE-2026-31773

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...

8.8CVSS5.7AI score0.00282EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the STK authentication status in the Bluetooth SMP protocol not correctly reflecting the MITM status, which...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 6:6 p.m.21 views

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/20 12:0 a.m.9 views

Memory Poisoning and Secure Multi-Agent Systems

Memory poisoning attacks for Agentic AI and multi-agent systems MAS have recently caught attention. It is partially due to the fact that Large Language Models LLMs facilitate the construction and deployment of agents. Different memory systems are being used nowadays in this context, including...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/08 12:0 a.m.4 views

Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation

Advanced Persistent Threats APTs evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...

5.8AI score
Exploits0
OSV
OSV
added 2026/02/25 9:23 p.m.7 views

GHSA-JJPJ-P2WH-QF23 n8n has a Sandbox Escape in its JavaScript Task Runner

Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...

9.4CVSS6.2AI score0.00596EPSS
Exploits0References7
Malwarebytes
Malwarebytes
added 2026/01/12 5:3 a.m.5 views

Enshittification is ruining everything online (Lock and Code S07E01)

This week on the Lock and Code podcast … There's a bizarre thing happening online right now where everything is getting worse. Your Google results have become so bad that you’ve likely typed what you’re looking for, plus the word “Reddit,” so you can find discussion from actual humans. If you...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/01 12:0 a.m.6 views

AI-Driven Cybersecurity Testbed for Nuclear Infrastructure: Comprehensive Evaluation Using METL Operational Data

Advanced nuclear reactor systems face increasing cybersecurity threats as sophisticated attackers exploit cyber-physical interfaces to manipulate control systems while evading traditional IT security measures. This research presents a comprehensive evaluation of artificial intelligence approaches...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/22 12:0 a.m.6 views

Think Fast: Real-Time IoT Intrusion Reasoning Using IDS and LLMs at the Edge Gateway

As the number of connected IoT devices continues to grow, securing these systems against cyber threats remains a major challenge, especially in environments with limited computational and energy resources. This paper presents an edge-centric Intrusion Detection System IDS framework that integrate...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.10 views

A Graph-Attentive LSTM Model for Malicious URL Detection

Malicious URLs pose significant security risks as they facilitate phishing attacks, distribute malware, and empower attackers to deface websites. Blacklist detection methods fail to identify new or obfuscated URLs because they depend on pre-existing patterns. This work presents a hybrid deep...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-41771

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.02938EPSS
Exploits0References12
Packet Storm News
Packet Storm News
added 2025/06/06 12:0 a.m.6 views

SDN-Based False Data Detection with Its Mitigation and Machine Learning Robustness for In-Vehicle Networks

As the development of autonomous and connected vehicles advances, the complexity of modern vehicles increases, with numerous Electronic Control Units ECUs integrated into the system. In an in-vehicle network, these ECUs communicate with one another using an standard protocol called Controller Are...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.9 views

CVE-2022-25838

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept...

8.1CVSS6.8AI score0.00931EPSS
Exploits0References1
Rows per page
Query Builder