CVSS
Related Articles from SNS
HAVE: Host Active Verification Engine for Closing the Contextual Reality Gap in Security Digital Twins
arXiv:2606.06968v1. Abstract: Security Digital Twins (SDTs) provide continuously updated virtual replicas of infrastructure for threat simulation, yet they rely on theoretical CVSS scores to assign lateral-movement probabilities -- creating the Contextual Reality Gap: risk is overestimated where unacknowledged mitigations neutralize exploits, and drastically underestimated where logic flaws bypass all memory-safety defenses. We present the Host Active Verification Engine...
Benchmarking Speech-to-Speech Translation Models
arXiv:2606.03241v1. Abstract: Speech-to-speech translation (S2ST) has advanced rapidly, but offline evaluation lacks a unified protocol: studies report non-overlapping metric subsets, preventing direct comparisons. We introduce COMPASS, a unified and reproducible benchmarking framework integrating 46 metrics across eight dimensions, and deploy it on 1,248 model-language configurations from FLEURS and CVSS, spanning cascaded and end-to-end architectures over ten language...
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Cisco has disclosed a critical vulnerability (CVE-2026-20223) in its Secure Workload platform, which allows unauthenticated attackers to gain Site Admin privileges by sending crafted API requests. This flaw, rated 10.0, permits remote attackers to read sensitive information and alter configurations across tenant boundaries. Customers must install specific fixed releases to remediate the issue, as no workarounds are currently available.
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products. Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform. The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges.
AI is making Patch Tuesday (kinda) fun again
Microsoft set a record with its June Patch Tuesday release, addressing 206 CVEs across its products and shipping fixes for them, with 38 deemed critical and the rest important. Three are listed as publicly known, but none (so far) have been exploited in the wild. We have no idea how many of these June bugs were uncovered using AI tools.
FORGE: Multi-Agent Graduated Exploitation and Detection Engineering
arXiv:2606.03453v1. Abstract: Vulnerability disclosure volumes now far exceed organizational assessment capacity, yet three adjacent research communities (proof-of-concept generation, vulnerability prioritization, and detection rule engineering) operate largely in isolation. Existing automated exploit generation systems report binary pass/fail outcomes, discarding partial progress and producing no signal for the other two communities. This paper presents FORGE, a...
CRESS: Quantifying Vulnerabilities of Attack Scenarios in Hardware Reverse Engineering
arXiv:2606.05459v1. Abstract: The safety, security, and reliability of microelectronic systems depend on a trustworthy, secured supply chain and design flow. Globally distributed supply chains or unintentional design weaknesses leave the door open for attacks on the hardware level. These scenarios encompass counterfeiting, hardware trojans, or on-device attacks.
India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
India's CERT-In has issued new guidelines, advising defenders to patch or mitigate exploited vulnerabilities within 12 hours if they affect internet-facing or critical systems. This accelerated timeframe is a response to the increasing threat posed by AI-assisted cyberattacks, which significantly speed up the exploitation process for adversaries. The agency also provided a more relaxed 24-hour window for less critical internal system flaws.