Lucene search
K

132 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-284 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...

9.9CVSS5.8AI score0.00627EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in rpm

A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...

5.5CVSS6.7AI score0.00701EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.9 views

The Coverage Gap: Chile's Cyber Disclosure Framework Versus the USA, EU and UK

We introduce the Coverage Gap as a measurable distance between the observable public exposure of critical-infrastructure operators and their declared capability to coordinate vulnerability disclosure. We instantiate it against the 915 Chilean Operadores de Importancia Vital OIVs -- Operators of...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.15 views

Honeyval: A Comprehensive Evaluation Framework for LLM-Powered HTTP Honeypots

Honeypots are decoy systems mimicking real system components designed to defend against cyber attacks. Recently, LLMs increasingly serve as simulation backbones for honeypots. They enable defenders to construct high-interaction honeypots with low system security risks. However, LLM-powered honeyp...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/26 5:35 p.m.9 views

CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:35 p.m.6 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 5:35 p.m.45 views

CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS0.00076EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:35 p.m.16 views

EUVD-2026-31940

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.10 views

On the (Non-)Resilience of Encrypted Controllers to Covert Attacks

The security of networked control systems NCS is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.14 views

From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents

Autonomous AI agents now transact at production scale -- 69,000 bots executing 165 million transactions across 50 million USDC in cumulative volume on a single marketplace -- without any shared trust layer between participants. Regulatory frameworks Singapore IMDA, NIST CAISI, EU AI Act and major...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/05 5:15 p.m.9 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the /auth/v1/introspectaccesstoken endpoint, which accepts any JWT signed by a key present on the node without validating the JWT type, issuer-to-key binding, or required claims. An...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 5:15 p.m.5 views

GHSA-9HMG-827W-9RHJ nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation VP JWT to be replayed as an access token and...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 5:15 p.m.22 views

nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation VP JWT to be replayed as an access token and...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-37245

Name of the Vulnerable Software and Affected Versions nuts-node versions prior to 5.4.31 nuts-node versions prior to 6.2.3 Description The v1 access token introspection endpoint '/auth/v1/introspect access token' accepts any JSON Web Token JWT signed by a key present on the node without validatin...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.8 views

OrgForge-IT: A Verifiable Synthetic Benchmark for LLM-Based Insider Threat Detection

Synthetic insider threat benchmarks face a consistency problem: corpora generated without an external factual constraint cannot rule out cross-artifact contradictions. The CERT dataset -- the field's canonical benchmark -- is also static, lacks cross-surface correlation scenarios, and predates th...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.2 views

ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code

AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.3 views

Verifiable Provenance of Software Artifacts with Zero-Knowledge Compilation

Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular technique, called reproducible builds, requires difficult...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.4 views

Evaluating and Enhancing the Vulnerability Reasoning Capabilities of Large Language Models

Large Language Models LLMs have demonstrated remarkable proficiency in vulnerability detection. However, a critical reliability gap persists: models frequently yield correct detection verdicts based on hallucinated logic or superficial patterns that deviate from the actual root cause. This...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.4 views

ZkRansomware: Proof-Of-Data Recoverability and Multi-Round Game Theoretic Modeling of Ransomware Decisions

Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/25 12:0 a.m.5 views

Verifiable Passkey: The Decentralized Authentication Standard

Passwordless authentication has revolutionized the way we authenticate across various websites and services. FIDO2 Passkeys, is one of the most-widely adopted standards of passwordless authentication that promises phishing-resistance. However, like any other authentication system, passkeys requir...

6.7AI score
Exploits0
Rows per page
Query Builder