CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/29 12:0 a.m.•9 views

Improving IoT Intrusion Detection through SMOTE-Based Oversampling and Extended Multi-Model Evaluation on Side-Channel Power Data

The detection of intrusions in IoT-based networks poses challenges that cannot be overcome using traditional machine learning methods. Perhaps the biggest of them is related to the presence of a class imbalance in the side-channel dataset, where the number of samples in the normal class compared ...

Talos Blog•added 2026/05/27 10:0 a.m.•7 views

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...

5.6AI score

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on ‘actiondata.varrefidx’ When generating a synthetic event with many parameters and then creating a trace action for it 1, a kernel panic occurred 2. This occurs because in traceactioncreate,...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel’s KVM when attempting to set the SynIC IRQ. This issue allows a malfunctioning VMM to write to the SYNIC/STIMER MSRs, leading to a NULL pointer derefrence error. This flaw enables an unprivileged local attacker on the host to issue specific ioctl calls,...

5.5CVSS6.8AI score0.00027EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/synthetic: Fixed races when freeing lastcmd. Currently, the “lastcmd” variable can be accessed by multiple processes asynchronously when multiple users manipulate syntheticevents nodes at the same time. This could lead to...

4.7CVSS5.3AI score0.00011EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer, which triggers the...

5.5CVSS5.9AI score0.00033EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в binutils

A flaw was discovered in Binutils. The thebfd field of the asymbol struct is uninitialized in the bfdmachogetsyntheticsymtab function, which may lead to an application crash and local denial of service...

5.5CVSS5.7AI score0.00024EPSS

Exploits1References2

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42174

Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...

6AI score

Exploits0References6

OSV•added 2026/05/18 9:31 p.m.•3 views

GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links

Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

NVD•added 2026/05/18 8:16 p.m.•10 views

Exploits1References7

CVE-2026-45245

7.4CVSS0.00011EPSS

Exploits1References4

EUVD•added 2026/05/18 7:0 p.m.•6 views

EUVD-2026-30795

Cvelist•added 2026/05/18 7:0 p.m.•26 views

Exploits1References4

CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

7.4CVSS0.00011EPSS

Exploits1References4

ATTACKERKB•added 2026/05/18 7:0 p.m.•6 views

CVE-2026-45245

CVE•added 2026/05/18 7:0 p.m.•6 views

Exploits1References5

CVE-2026-45245

CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/18 12:0 a.m.•12 views

PT-2026-41724

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored...

Packet Storm News•added 2026/05/17 12:0 a.m.•9 views

Exploits1References7

LITE-SOC: Lightweight Security Operations Center Simulator for Cybersecurity Education

This innovative practice WIP paper describes LITE-SOC, a lightweight web-based Security Operations Center SOC simulator designed for instructor-led cybersecurity education. SOC analysts must triage large volumes of alerts, separate genuine threats from false positives, and communicate decisions...

Packet Storm News•added 2026/05/16 12:0 a.m.•6 views

Filter-Then-Verify: A Multiphase GNN and ModernBERT Framework for Social Engineering Detection in Email Networks

Social engineering attacks exploit human trust rather than software vulnerabilities, making them difficult to detect using conventional filters. We propose a two-stage filter-then-verify framework combining inductive Graph Neural Networks GNNs for structural anomaly detection with a co-attention...

Microsoft Secure•added 2026/05/12 10:53 p.m.•8 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...