Lucene search
+L

460 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/08 8:46 p.m.69 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/08 8:46 p.m.36 views

CVE-2026-6352 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.14 views

PT-2026-56614

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An improper authorization issue exists in certain GraphQL operations that could allow an authenticated user with...

2.7CVSS6.1AI score0.00264EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 4:52 p.m.4 views

GO-2026-5761 Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc

Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc...

3.3CVSS5.9AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 12:2 a.m.39 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 6:17 a.m.4 views

ALPINE-CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.8AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 2:56 a.m.14 views

EUVD-2026-37976

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 2:56 a.m.3 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.9AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/06/10 10:0 a.m.16 views

Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations

The organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries...

5.5AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.15 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.34 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.5AI score
Exploits0
NVD
NVD
added 2026/06/04 6:16 a.m.14 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

libexpat 资源管理错误漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.2 contained a resource management vulnerability. This vulnerability stemmed from insufficient deep tracking during the processing of policy violations, where calls to functions such as...

5.9CVSS5.3AI score0.00218EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/01 1:52 a.m.32 views

Payment apps are watching what you say (Lock and Code S07E11)

This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Security policy violation events could have revealed cross-origin information due to violations of frame-ancestor rules. This vulnerability affects Firefox ESR versions earlier than 91.5, Firefox versions earlier than 96, and Thunderbird versions earlier than 91.5...

6.5CVSS6.6AI score0.00646EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert arm64: zynqmp: Add an OP-TEE node to the device tree This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically...

5.5CVSS6.2AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:8 a.m.53 views

CVE-2026-8200

The CVE-2026-8200 entry covers MongoDB Server: affected versions are v7.0 before 7.0.34, v8.0 before 8.0.23, v8.2 before 8.2.9, and v8.3 before 8.3.2. When schema validation is enabled and an update/insert would violate the schema, the generated local server log message may not redact all user da...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.22 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...

7.2CVSS5.9AI score0.002EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.29 views

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

5.9AI score
Exploits0
Rows per page
Query Builder