Lucene search
K

771 matches found

MSRC
MSRC
added 2025/08/25 7:0 a.m.9 views

postMessaged and Compromised

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...

7.2AI score
Exploits0
Snyk
Snyk
added 2025/08/19 3:34 p.m.2 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...

10CVSS7.1AI score
Exploits0References3
Wallarm Lab
Wallarm Lab
added 2025/08/14 11:0 a.m.6 views

IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security

IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals ...

7.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/08/08 1:0 p.m.9 views

It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug

A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.16 views

The vulnerability of PackageKit for macOS operating systems, which allows a hacker to trigger a service failure.

The vulnerability of PackageKit for macOS operating systems is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to cause service failures...

10CVSS5.4AI score0.00737EPSS
Exploits0References4Affected Software1
Wired Threat Level
Wired Threat Level
added 2025/08/07 6:9 p.m.10 views

Encryption Made for Police and Military Radios May Be Easily Cracked

Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2025/08/07 6:0 p.m.4 views

AI wrote my code and all I got was this broken prototype

Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/08/06 12:0 a.m.11 views

The vulnerability of the Framework component in Android operating systems, which allows a hacker to increase their privileges

The vulnerability of the Framework component in Android operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.4CVSS5.8AI score0.00105EPSS
Exploits1References4Affected Software1
SUSE Linux
SUSE Linux
added 2025/08/04 10:34 a.m.23 views

Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 July 2025 CPU: Security fixes: CVE-2025-30749: several scenarios can lead to heap corruption bsc1246595 CVE-2025-30754: incomplete handshake may lead to weakening TLS protections bsc1246598...

8.6CVSS8.2AI score0.01058EPSS
Exploits1References18
BDU FSTEC
BDU FSTEC
added 2025/08/04 12:0 a.m.10 views

The vulnerability of the microprogrammed software of D-Link DIR-823-Pro wireless routers allows a intruder to gain unauthorized access to Telnet services.

The vulnerability of D-Link DIR-823-Pro wireless routers’ microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to Telnet services...

7.5CVSS5.4AI score0.00349EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2025/07/23 12:0 a.m.5 views

An Empirical Study on Virtual Reality Software Security Weaknesses

Virtual Reality VR has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.4 views

PT-2025-29824

Name of the Vulnerable Software and Affected Versions Plack-Middleware-Session versions prior to 0.35 Description The default session ID generator in Plack-Middleware-Session for Perl uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

7.3CVSS5.7AI score0.00329EPSS
Exploits0References19
Vulnrichment
Vulnrichment
added 2025/07/15 7:27 p.m.4 views

CVE-2025-30744

...

8.1CVSS7.6AI score0.00322EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.6 views

AlmaLinux 9 : libxml2 (ALSA-2025:10699)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10699 advisory. libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml...

9.1CVSS6.7AI score0.01437EPSS
Exploits1References5
CVE
CVE
added 2025/07/09 3:16 p.m.20 views

CVE-2025-7381

CVE-2025-7381 affects Mautic-related Docker images and the PHP base image: an information-disclosure flaw where the X-Powered-By header reveals the PHP version, enabling server fingerprinting. Root cause is PHP’s expose_php behavior; attack surface is the header exposure rather than code executio...

5.3CVSS6.2AI score0.00237EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.8 views

The vulnerability of the Oracle Solaris operating system’s file system allows a perpetrator to gain full control over the application.

The vulnerability of the Oracle Solaris operating system’s file system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

7.2CVSS7.2AI score0.00187EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2025/07/05 12:0 a.m.4 views

Can Large Language Models Automate the Refinement of Cellular Network Specifications?

Cellular networks serve billions of users globally, yet concerns about reliability and security persist due to weaknesses in 3GPP standards. However, traditional analysis methods, including manual inspection and automated tools, struggle with increasingly expanding cellular network specifications...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.6 views

The vulnerability of Notepad++ installer allows a hacker to elevate their privileges and write arbitrary files.

The vulnerability of the Notepad++ text editor is related to deficiencies in access control, resulting from uncontrolled access to search paths. Exploiting this vulnerability can allow attackers to enhance their privileges and write arbitrary files...

7.3CVSS7.6AI score0.00419EPSS
Exploits4References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.8 views

The vulnerability of the Mattermost instant messaging application, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Mattermost instant messaging application is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS5.7AI score0.00169EPSS
Exploits0References2Affected Software1
Wallarm Lab
Wallarm Lab
added 2025/06/26 7:6 a.m.8 views

Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...

8.1AI score
Exploits0
Rows per page
Query Builder