Lucene search
K

294 matches found

UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.9 views

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS5.7AI score0.00643EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

8.7CVSS5.8AI score0.00643EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.11 views

WordPress TreePress – Easy Family Trees & Ancestor Profiles plugin <= 3.0.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TreePress – Easy Family Trees & Ancestor Profiles versions = 3.0.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/22 5:16 p.m.8 views

UBUNTU-CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.8AI score0.00161EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.10 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.8AI score0.00161EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.3AI score0.00161EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/03/11 8:53 p.m.371 views

claude-code-pentest

claude-code-pentest 6 Claude Code skills that automate th...

5.8AI score
Exploits0
NVD
NVD
added 2026/02/20 4:22 p.m.19 views

CVE-2026-22364

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...

8.1CVSS0.00403EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/28 12:0 a.m.11 views

ShellForge: Adversarial Co-Evolution of Webshell Generation and Multi-View Detection for Robust Webshell Defense

Webshells remain a primary foothold for attackers to compromise servers, particularly within PHP ecosystems. However, existing detection mechanisms often struggle to keep pace with rapid variant evolution and sophisticated obfuscation techniques that camouflage malicious intent. Furthermore, many...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.17 views

Explainability Methods for Hardware Trojan Detection: A Systematic Comparison

Hardware trojan detection requires accurate identification and interpretable explanations for security engineers to validate and act on results. This work compares three explainability categories for gate-level trojan detection on the Trust-Hub benchmark: 1 domain-aware property-based analysis of...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000396 advisory. fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain...

5.5CVSS6.6AI score0.00645EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/16 10:32 p.m.3 views

Malicious Package

Overview vis-trees is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/12/08 12:0 a.m.2 views

Evaluating Vulnerabilities of Connected Vehicles under Cyber Attacks by Attack-Defense Tree

Connected vehicles represent a key enabler of intelligent transportation systems, where vehicles are equipped with advanced communication, sensing, and computing technologies to interact not only with one another but also with surrounding infrastructures and the environment. Through continuous da...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/18 12:0 a.m.7 views

A Unified Compositional View of Attack Tree Metrics

Attack trees ATs are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of different such AT metrics have been proposed, and despite their wide-spread practical use, no systematic...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/14 12:0 a.m.9 views

The Jasmin Compiler Preserves Cryptographic Security

Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/02 12:0 a.m.6 views

Android Malware Detection: A Machine Learning Approach

This study examines machine learning techniques like Decision Trees, Support Vector Machines, Logistic Regression, Neural Networks, and ensemble methods to detect Android malware. The study evaluates these models on a dataset of Android applications and analyzes their accuracy, efficiency, and...

6.9AI score
Exploits0
Fedora
Fedora
added 2025/11/01 1:50 a.m.7 views

[SECURITY] Fedora 42 Update: vgrep-2.8.0-4.fc42

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...

6.5CVSS6.9AI score0.00489EPSS
Exploits1
Fedora
Fedora
added 2025/11/01 1:13 a.m.6 views

[SECURITY] Fedora 41 Update: vgrep-2.8.0-4.fc41

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...

6.5CVSS6.9AI score0.00489EPSS
Exploits1
OSV
OSV
added 2025/10/17 2:56 p.m.4 views

OESA-2025-2482 poppler security update

is a PDF rendering library. Security Fixes: Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in...

8.6CVSS6.7AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2025/10/07 4:15 p.m.5 views

CVE-2023-53671

In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCUSIZESMALL Commit 994f706872e6 "srcu: Make Tree SRCU able to operate without snpnode array" assumes that cpu 0 is always online. However, there really are situations when some other...

5.5CVSS0.00134EPSS
Exploits0References3
Rows per page
Query Builder