CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2 days ago•9 views

PT-2026-48235

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

Positive Technologies•added 2 days ago•5 views

PT-2026-48237

Positive Technologies•added 2 days ago•6 views

PT-2026-48234

Positive Technologies•added 2 days ago•6 views

PT-2026-48239

The Hacker News•added 5 days ago•16 views

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for...

9.6CVSS5.9AI score0.00086EPSS

The Hacker News•added 2026/05/28 1:53 p.m.•18 views

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure CVD, urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a...

7.8CVSS6.6AI score0.08207EPSS

Exploits6

MSRC•added 2026/05/27 12:0 a.m.•8 views

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...

5.8AI score

Packet Storm News•added 2026/05/20 12:0 a.m.•6 views

FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

5.9AI score

GithubExploit•added 2026/05/16 5:23 a.m.•83 views

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

8.8CVSS7.3AI score0.00455EPSS

Exploits16

Packet Storm News•added 2026/05/07 12:0 a.m.•3 views

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

5.9AI score

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34831

@HaifeiLi Zero days are numbered, as in CVE-2026-0001, CVE-2026-0002, CVE-2026-0003...

5.7AI score

Packet Storm News•added 2026/04/22 12:0 a.m.•4 views

Synthesizing Multi-Agent Harnesses for Vulnerability Discovery

LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program...

8.8CVSS5.8AI score0.00072EPSS

Malwarebytes•added 2026/04/20 7:2 a.m.•3 views

A week in security (April 13 – April 19)

Last week on Malwarebytes Labs: This old-school scam is still working "Your shipment has arrived" email hides remote access software Browser Guard gets even better with Access Control "iCloud storage is full" scam is back, and now it wants your payment details A fake Slack download is giving...

5.8AI score

Packet Storm News•added 2026/04/20 12:0 a.m.•2 views

TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs

Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing SAST tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative proje...

5.8AI score

GithubExploit•added 2026/04/14 10:57 a.m.•359 views

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

8.8CVSS6.1AI score0.00455EPSS

Exploits16

Packet Storm News•added 2026/04/07 12:0 a.m.•0 views

Argus: Reorchestrating Static Analysis Via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection

Recent advancements in Large Language Models LLMs have sparked interest in their application to Static Application Security Testing SAST, primarily due to their superior contextual reasoning capabilities compared to traditional symbolic or rule-based methods. However, existing LLM-based approache...

6AI score

Packet Storm News•added 2026/04/06 12:0 a.m.•2 views

A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...