38444 matches found

Packet Storm News
added 2026/03/24 12:0 a.m., 5 views

CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection

AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate CSTS, an entity-relational abstraction that enforces identity persistence, typed relationships, and...

AI score 5.8
Exploits: 0

CNNVD
added 2026/03/24 12:0 a.m., 7 views

GDAL security vulnerability

GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of gdal prior to 3.11.0 contain security vulnerabilities. These vulnerabilities stem from improper restrictions on memory buffer operations, which may lead to issues with the program file inftree9.C...

CVSS 9.4, AI score 5.9, EPSS 0.00276
Exploits: 0, References: 1

Positive Technologies
added 2026/03/24 12:0 a.m., 6 views

PT-2026-27310

Name of the Vulnerable Software and Affected Versions: furnace versions prior to 0.7. Description: An out-of-bounds read issue exists in the furnace software within the extern/libsndfile-modified/src modules when processing flac.C program files. Recommendations: Update to a version of furnace at or...

CVSS 9.3, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 4

Positive Technologies
added 2026/03/24 12:0 a.m., 5 views

PT-2026-27471

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP PROXY and HTTPS PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...

CVSS 8.3, AI score 5.8, EPSS 0.00369
Exploits: 1, References: 3

CNNVD
added 2026/03/24 12:0 a.m., 7 views

fast-xml-parser security vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser from 4.0.0-beta.3 to 5.5.7 contained security vulnerabilities. The...

CVSS 5.9, AI score 6.2, EPSS 0.00449
Exploits: 1, References: 3

Positive Technologies
added 2026/03/24 12:0 a.m., 6 views

PT-2026-27470

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

CVSS 8.8, AI score 5.8, EPSS 0.00497
Exploits: 2, References: 4

ATTACKERKB
added 2026/03/23 11:49 p.m., 4 views

CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected...

CVSS 6.5, AI score 5.8, EPSS 0.00365
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/23 11:46 p.m., 5 views

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVSS 6.5, AI score 6.4, EPSS 0.00393
Exploits: 0, References: 3

OSV
added 2026/03/23 10:38 p.m., 3 views

JLSEC-2026-1 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of se...

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

CVSS 7.5, AI score 6.6, EPSS 0.05316
Exploits: 0, References: 28

OSV
added 2026/03/23 8:39 p.m., 3 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory: My Page Profile Update Improper Authorization. Summary: An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions: 1.x series: = 1.41.0; 2.x series: = 2.41.0. Patched Versions: 1.41.1, 2.41.1...

CVSS 8.1, AI score 5.9, EPSS 0.00305
Exploits: 0, References: 6

Patchstack
added 2026/03/23 7:51 p.m., 5 views

WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions <= 1.0...

CVSS 4.3, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/23 7:49 p.m., 4 views

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-66560. DESCRIPTION: Quarkus ...

CVSS 7.5, AI score 5.7, EPSS 0.00349
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/23 7:43 p.m., 3 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-67735. DESCRIPTION: Netty is a...

CVSS 6.5, AI score 6.5, EPSS 0.00292
Exploits: 1, Affected Software: 1

Patchstack
added 2026/03/23 7:23 p.m., 9 views

WordPress Schema Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Schema Shortcode versions <= 1.0...

CVSS 6.4, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/23 7:15 p.m., 23 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

CVSS 8.6, EPSS 0.00196
Exploits: 0, References: 2

CVE
added 2026/03/23 6:53 p.m., 59 views

CVE-2026-26209

The CVE-2026-26209 issue affects the Python library cbor2 (including the C extension _cbor2) prior to version 5.9.0. The root cause is uncontrolled recursion when decoding deeply nested CBOR structures, as the C extension relies on Python’s Py_EnterRecursiveCall rather than a data-driven depth li...

CVSS 7.5, AI score 7.1, EPSS 0.00417
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/23 6:53 p.m., 5 views

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5, AI score 7.1, EPSS 0.00417
Exploits: 1, References: 4

Snyk
added 2026/03/23 6:53 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: cbor2 is a CBOR deserializer with extensive tag support. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding of CBOR payloads. An attacker can cause the application to crash by submitting deeply nested input that trigger...

CVSS 8.7, AI score 7.1, EPSS 0.00417
Exploits: 1, References: 2

OSV
added 2026/03/23 6:53 p.m., 9 views

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5, AI score 5.9, EPSS 0.00417
Exploits: 1, References: 6

Patchstack
added 2026/03/23 6:34 p.m., 5 views

WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions <= 5.0.11...

CVSS 7.5, AI score 5.8, EPSS 0.00278
Exploits: 0, Affected Software: 1