110881 matches found

OSV
added 2026/05/12 3:40 a.m. | 9 views

MAL-2026-3589 Malicious code in nextmove-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df7f916a0e0b35995c3bb3ad68e6686d75a52472172d505eee44bf060e54c105 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 | References: 6
GithubExploit
added 2026/05/12 2:29 a.m. | 81 views

esql-injection-poc

ES|QL Source-Index Injection — Remote Exploitation PoC Targ...

5.8 AI score
Exploits: 0
Fedora
added 2026/05/12 1:32 a.m. | 9 views

[SECURITY] Fedora 43 Update: chromium-148.0.7778.96-1.fc43

Chromium is an open-source web browser, powered by WebKit Blink...

9.6 CVSS | 5.8 AI score | 0.00383 EPSS
Exploits: 0
Fedora
added 2026/05/12 12:49 a.m. | 15 views

[SECURITY] Fedora 44 Update: firefox-150.0.1-1.fc44

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

5.8 AI score
Exploits: 0
Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40461

Name of the Vulnerable Software and Affected Versions: Claris FileMaker Cloud versions prior to 2.22.0.5. Description: A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...

7.2 CVSS | 6 AI score | 0.00457 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

Syft security vulnerability

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

9.8 CVSS | 6.2 AI score | 0.00631 EPSS
Exploits: 0 | References: 2
Packet Storm News
added 2026/05/12 12:0 a.m. | 83 views

CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation

Recent advances in Large Language Models (LLMs) have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag (CTF) benchmarks. However, current CTF benchmarks reuse existing...

5.8 AI score
Exploits: 0
CNNVD
added 2026/05/12 12:0 a.m. | 12 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a side-channel information leakage issue in the Navigation component. This vulnerability could allow remote attackers to leak...

4.3 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/12 12:0 a.m. | 11 views

PT-2026-40082

Name of the Vulnerable Software and Affected Versions: kubectl-mcp-server versions prior to 1.2.1. Description: A command injection issue allows unauthenticated attackers to execute arbitrary system commands on a victim system. This can be achieved by injecting shell metacharacters into unsanitized...

9.8 CVSS | 6.1 AI score | 0.00578 EPSS
Exploits: 0 | References: 9
CVE
added 2026/05/12 12:0 a.m. | 15 views

CVE-2025-65719

Affected software: Open Source Kubectl MCP Server v1.1.1. Issue: A vulnerability allows attackers to execute arbitrary code on a victim system via a crafted HTML page. What is known: Documented across multiple sources (NVD, EUVD, CVE listing) with the same description. No explicit root cause, aff...

9.8 CVSS | 6.2 AI score | 0.00578 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/05/12 12:0 a.m. | 9 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient network policy execution, which could allow remote attackers to leak cross-source data through specially craft...

3.1 CVSS | 5.8 AI score | 0.0016 EPSS
Exploits: 0 | References: 3
Packet Storm News
added 2026/05/12 12:0 a.m. | 12 views

Secure (Multiple) Key-Cast over Networks: Multiple Eavesdropping Nodes

We study the secure multiple key-cast problem over noiseless networks under node-based eavesdroppers, where one or more source nodes participate in the generation of distinct secret keys to be shared among designated terminal subsets, while an eavesdropper observing up to $\ell$ nodes, including...

5.8 AI score
Exploits: 0
CNNVD
added 2026/05/12 12:0 a.m. | 7 views

Pocket ID authorization issue vulnerability

Pocket ID is an open-source OIDC identity provider that supports no-password authentication. Versions of Pocket ID prior to 2.6.0 had an authorization vulnerability. This vulnerability stemmed from the createTokenFromRefreshToken function not revalidating the user’s current authorization status,...

8.5 CVSS | 5.7 AI score | 0.00247 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/05/12 12:0 a.m. | 14 views

PT-2026-40426

Name of the Vulnerable Software and Affected Versions: pyLoad, affected versions not specified. Description: An authenticated attacker with administrative privileges can achieve account takeover by stealing session files of other users. The issue arises because the software fails to block the storage...

6.5 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

superduper security vulnerability

Superduper is an open-source database integration AI proxy and application building tool developed by superduper.io. Versions of Superduper prior to v0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the Parseoppart function in the query parsing component, which used t...

8.8 CVSS | 6.1 AI score | 0.00405 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/12 12:0 a.m. | 13 views

PT-2026-40468

Name of the Vulnerable Software and Affected Versions: Flowsint versions prior to 1.2.3. Description: Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A broken access control issue allows an adversary who knows an...

2.3 CVSS | 5.8 AI score | 0.0017 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution by the ViewTransitions component, which could allow remote attackers to exploit the...

4.3 CVSS | 5.9 AI score | 0.0018 EPSS
Exploits: 0 | References: 3
Packet Storm News
added 2026/05/12 12:0 a.m. | 19 views

IPI-Proxy: An Intercepting Proxy for Red-Teaming Web-Browsing AI Agents against Indirect Prompt Injection

Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing red-teaming resources fall short of this scenario:...

5.8 AI score
Exploits: 0
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

lemur injection vulnerability

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained an injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...

8.1 CVSS | 5.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/12 12:0 a.m. | 16 views

PT-2026-40469

Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.23.3. Description: The SSO flow fails to validate the state parameter. This allows an attacker to trick a user into logging into an account controlled by the attacker, which could lead the user to perform sensitive...

5.8 CVSS | 5.8 AI score | 0.00133 EPSS
Exploits: 1 | References: 4