Lucene search
K

825 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2025-210388

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2025-71355 Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS0.00552EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 4:29 p.m.4 views

CVE-2026-52987 drm/amdgpu: avoid double drm_exec_fini() in userq validate

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collected HMM ranges and calling amdgputtmttgetuserpages. If...

7.8CVSS5.8AI score0.00131EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It is possible for cpread and hdmiread to return -EIO. These values are further used as indexes to access arrays. The issue was fixed by checking t...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak has been fixed in amdgpuacpienumeratexcc. In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo. This results in a memory...

5.5CVSS5.8AI score0.00162EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak was fixed in amdgpurasinit. When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, resulting in a memory leak. This issue was fixed by...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pinctrl: A single issue was addressed: fixing the refcount leak in pcsadd gpiofunc. The function ofparsephandlewithargs returns a devicenode pointer whose refcount is incremented in gpiospec.np. The loop iterates through all...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: md/raid1: A memory leak was fixed in raid1run. raid1run calls setupconf, which registers a thread via mdregisterthread. If raid1setlimits fails, the previously registered thread remains unregistered, resulting in a memory leak of...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.12 views

ClickFix HTML Static Detector

This script is a lightweight static analysis tool designed to identify HTML pages that exhibit patterns commonly associated with ClickFix-style social engineering campaigns...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.19 views

Can Open-Source LLM Agents Replace Static Application Security Testing Tools? an Empirical Assessment

This paper explores the value of agentic AI tools for cybersecurity purposes. We evaluate the efficacy of a general-purpose GenAI Large Language Model- GenAI- based agent when powered by three different Ollama-hosted general-purpose open source models. We assess each agent's performance using...

5.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/08 11:53 a.m.20 views

The Hardest Fork

Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/08 6:19 a.m.71 views

janus-security-platform

Agentic Security Platform Payments-domain SAST + autonomous P...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.25 views

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.10 views

angr 9.2.221

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.35 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/02 8:36 a.m.96 views

multi-layered-security-assessment

Advanced Network Attack and Defense: Multi-Layered Assessment...

7.2CVSS7.2AI score0.83524EPSS
Exploits82
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.9 views

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.12 views

angr 9.2.220

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/31 12:0 a.m.36 views

ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree

Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset of 67,453 latest public OpenClaw skill...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.16 views

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

5.9AI score
Exploits0
Rows per page
Query Builder