Lucene search
K

1319 matches found

Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.6 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

5.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:32 p.m.3 views

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is...

7.5CVSS5.2AI score0.00468EPSS
Exploits3References5
GithubExploit
GithubExploit
added 2026/02/04 8:56 a.m.160 views

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.7 views

CVE-2026-25050

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References1
OSV
OSV
added 2026/01/30 7:35 p.m.6 views

GHSA-6F65-4FV2-WWCH Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Summary The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References5
NVD
NVD
added 2026/01/30 4:16 p.m.7 views

CVE-2026-25050

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

6.9CVSS0.00364EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/30 3:11 p.m.4 views

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/30 3:11 p.m.7 views

EUVD-2026-5025

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References2
CVE
CVE
added 2026/01/30 3:11 p.m.20 views

CVE-2026-25050

Vendure CVE-2026-25050 describes a timing-attack vulnerability in the NativeAuthenticationStrategy.authenticate() method. Before version 3.5.3, authentication returns immediately when a user is not found, while a real user triggers bcrypt password verification, creating a measurable timing differ...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.8 views

PT-2026-3399

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file flow-masterflow-front-restsrcmainjavacomdragonflowwebresourceflowFormResource.java of the component SVG File Handler. The manipulation of the...

6.5CVSS6.7AI score0.00224EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/01/12 5:3 a.m.7 views

Enshittification is ruining everything online (Lock and Code S07E01)

This week on the Lock and Code podcast … There's a bizarre thing happening online right now where everything is getting worse. Your Google results have become so bad that you’ve likely typed what you’re looking for, plus the word “Reddit,” so you can find discussion from actual humans. If you...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/12/31 4:3 p.m.4 views

EUVD-2025-206019

Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through 1.1.5...

4.3CVSS6.5AI score0.00199EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/12/31 10:0 a.m.3 views

Discovering the Dimensions of a New Cold War

The United States’ plan for dealing with Putin’s Russia and Xi’s China remains ill-defined among a shifting global order. That must change...

7AI score
Exploits0
HackRead
HackRead
added 2025/12/28 10:42 a.m.7 views

When Risk Is Fragmented, Strategy Suffers

Risk fragmentation remains one of the most overlooked barriers to effective business performance. It doesn’t show up all…...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/28 12:0 a.m.8 views

EquaCode: A Multi-Strategy Jailbreak Approach for Large Language Models Via Equation Solving and Code Completion

Large language models LLMs, such as ChatGPT, have achieved remarkable success across a wide range of fields. However, their trustworthiness remains a significant concern, as they are still susceptible to jailbreak attacks aimed at eliciting inappropriate or harmful responses. However, existing...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/27 12:0 a.m.10 views

From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software

LLMs democratize software engineering by enabling non-programmers to create applications, but this same accessibility fundamentally undermines security assumptions that have guided software engineering for decades. We show in this work how publicly available LLMs can be socially engineered to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/23 12:0 a.m.11 views

SemCovert: Secure and Covert Video Transmission Via Deep Semantic-Level Hiding

Video semantic communication, praised for its transmission efficiency, still faces critical challenges related to privacy leakage. Traditional security techniques like steganography and encryption are challenging to apply since they are not inherently robust against semantic-level transformations...

6.9AI score
Exploits0
HackRead
HackRead
added 2025/12/18 12:35 p.m.8 views

Why Organizations Need to Modify Their Cybersecurity Strategy for 2026

Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/18 12:0 a.m.11 views

Security Risks of Agentic Vehicles: A Systematic Analysis of Cognitive and Cross-Layer Threats

Agentic AI is increasingly being explored and introduced in both manually driven and autonomous vehicles, leading to the notion of Agentic Vehicles AgVs, with capabilities such as memory-based personalization, goal interpretation, strategic reasoning, and tool-mediated assistance. While framework...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.6 views

One Leak Away: How Pretrained Model Exposure Amplifies Jailbreak Risks in Finetuned LLMs

Finetuning pretrained large language models LLMs has become the standard paradigm for developing downstream applications. However, its security implications remain unclear, particularly regarding whether finetuned LLMs inherit jailbreak vulnerabilities from their pretrained sources. We investigat...

7AI score
Exploits0
Rows per page
Query Builder