
528 matches found

GitHub Security Blog
added 2026/01/21 4:19 p.m., 9 views

go-tuf improperly validates the configured threshold for delegations

Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unauthorized modification to TUF metadata...

CVSS 7.5, AI score 5.5, EPSS 0.00196
Exploits 0, References 5, Affected Software 1
OSV
added 2026/01/21 4:19 p.m., 5 views

GHSA-FPHV-W9FQ-2525 go-tuf improperly validates the configured threshold for delegations

Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unauthorized modification to TUF metadata...

CVSS 5.9, AI score 5.6, EPSS 0.00196
Exploits 0, References 5
CBLMariner
added 2026/01/20 9:41 p.m., 5 views

CVE-2025-69195 affecting package wget for versions less than 2.1.0-7

CVE-2025-69195 affecting package wget for versions less than 2.1.0-7. A patched version of the package is available...

CVSS 8.8, AI score 5.5, EPSS 0.00291
Exploits 0
Positive Technologies
added 2026/01/19 12:0 a.m., 12 views

PT-2026-3904

Name of the Vulnerable Software and Affected Versions: go-tuf versions 2.0.0 through 2.3.0. Description: go-tuf, a Go implementation of The Update Framework (TUF), is susceptible to a condition where a compromised or misconfigured repository can have signature thresholds set to 0. This effectively...

CVSS 8.8, AI score 5.2, EPSS 0.00308
Exploits 1, References 331
CBLMariner
added 2026/01/12 9:27 p.m., 6 views

CVE-2025-68231 affecting package kernel for versions less than 6.6.119.3-1

CVE-2025-68231 affecting package kernel for versions less than 6.6.119.3-1. An upgraded version of the package is available that resolves this issue...

AI score 6.8, EPSS 0.00156
Exploits 0
Packet Storm News
added 2026/01/12 12:0 a.m., 4 views

A High-Recall Cost-Sensitive Machine Learning Framework for Real-Time Online Banking Transaction Fraud Detection

Fraudulent activities on digital banking services are becoming more intricate by the day, challenging existing defenses. While older rule-driven methods struggle to keep pace, even precision-focused algorithms fall short when new scams are introduced. These tools typically overlook subtle shifts ...

AI score 6.6
Exploits 0
Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-6164

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The uacce module, which supports device isolation, creates sysfs files if the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions. Users c...

CVSS 5.5, AI score 6.5, EPSS 0.00114
Exploits 0
Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-8152

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18. Description: The Linux kernel contains a flaw in the btrfs subsystem related to dirty metadata page handling. Specifically, the kernel may strictly require a dirty metadata threshold for metadata writepages,...

CVSS 5.5, AI score 6.4, EPSS 0.00125
Exploits 0
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992770 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata...

CVSS 5.5, AI score 6.1, EPSS 0.002
Exploits 0, References 4
Tenable Nessus
added 2025/12/30 12:0 a.m., 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992428 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata...

CVSS 5.5, AI score 6.1, EPSS 0.002
Exploits 0, References 4
Schneier on Security
added 2025/12/26 10:8 p.m., 4 views

Friday Squid Blogging: Squid Camouflage

New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...

AI score 7
Exploits 0
Packet Storm News
added 2025/12/23 12:0 a.m., 9 views

Evasion-Resilient Detection of DNS-Over-HTTPS Data Exfiltration: A Practical Evaluation and Toolkit

The purpose of this project is to assess how well defenders can detect DNS-over-HTTPS (DoH) file exfiltration, and which evasion strategies can be used by attackers. While providing a reproducible toolkit to generate, intercept and analyze DoH exfiltration, and comparing Machine Learning vs...

AI score 6.8
Exploits 0
CBLMariner
added 2025/12/16 2:48 p.m., 3 views

CVE-2025-61145 affecting package libtiff for versions less than 4.6.0-11

CVE-2025-61145 affecting package libtiff for versions less than 4.6.0-11. A patched version of the package is available...

CVSS 5.5, AI score 5.9, EPSS 0.00131
Exploits 1
CBLMariner
added 2025/12/15 4:3 p.m., 5 views

CVE-2025-40288 affecting package kernel for versions less than 6.6.117.1-1

CVE-2025-40288 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...

AI score 6.8, EPSS 0.00156
Exploits 0
CBLMariner
added 2025/12/15 4:3 p.m., 3 views

CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16

CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16. A patched version of the package is available...

CVSS 6.9, AI score 6.9, EPSS 0.00151
Exploits 1
CBLMariner
added 2025/12/15 4:3 p.m., 3 views

CVE-2025-40280 affecting package kernel for versions less than 6.6.117.1-1

CVE-2025-40280 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...

AI score 6.8, EPSS 0.00199
Exploits 0
Packet Storm News
added 2025/12/13 12:0 a.m., 5 views

Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?

Large Language Models (LLMs) are increasingly being studied for Software Vulnerability Detection (SVD) and Repair (SVR). Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...

AI score 7
Exploits 0
Packet Storm News
added 2025/12/10 12:0 a.m., 4 views

ByteShield: Adversarially Robust End-To-End Malware Detection through Byte Masking

Research has proven that end-to-end malware detectors are vulnerable to adversarial attacks. In response, the research community has proposed defenses based on randomized and derandomized smoothing. However, these techniques remain susceptible to attacks that insert large adversarial payloads. To...

AI score 6.8
Exploits 0
OSV
added 2025/12/04 4:16 p.m., 4 views

AZL-71404 CVE-2025-40264 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pkt_to_bmc() call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific...

AI score 5.8, EPSS 0.00189
Exploits 0, References 1
Packet Storm News
added 2025/12/03 12:0 a.m., 3 views

Adversarial Limits of Quantum Certification: When Eve Defeats Detection

Security of quantum key distribution (QKD) relies on certifying that observed correlations arise from genuine quantum entanglement rather than eavesdropper manipulation. Theoretical security proofs assume idealized conditions, practical certification must contend with adaptive adversaries who...

AI score 6.5
Exploits 0