CVE
Related Articles from SNS
CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability
Abstract: Evaluating and improving the security capabilities of code agents requires high-quality, executable vulnerability tasks. However, existing works rely on costly, unscalable manual reproduction and suffer from outdated data distributions. To address these, we present CVE-Factory, the first multi-agent framework to achieve expert-level quality in automatically transforming sparse CVE metadata into fully executable agentic tasks.
AI Code Sandboxes: A Comparative Security Study. Part 1 of 2 -- Engine-Level Properties (Attack Surface, Leakage, Stackability, CVE History, Patch Cadence, Fuzzing)
arXiv:2606.08433v1. Abstract: This paper reads six engine-level measurements together -- 1.1 host attack surface, 1.2 information leakage, 1.3 defense-in-depth stackability, 1.4 public CVE history, 1.5 patch cadence, and 1.6 upstream fuzzing posture -- to describe how five AI-sandbox products isolate guest code from the host kernel. No single axis is a sufficient basis for a comparative judgement; the cross-axis reading is the load-bearing analysis. Three high-level...
CVE-Bench: testing LLM agents on real-world vulnerability patches
Summary: The article discusses the development of CVE-Bench, a tool designed to test large language model (LLM) agents on real-world vulnerability patches. The tool aims to evaluate the effectiveness of LLM agents in identifying and mitigating vulnerabilities in software systems. The article highlights the importance of testing LLM agents on real-world scenarios to ensure their reliability and accuracy in detecting and fixing vulnerabilities.
Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated,...
Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome's V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
Check Point released an emergency fix on Monday for a critical authentication bypass vulnerability affecting its Remote Access VPN and Mobile Access deployments - but attackers, including ransomware criminals, got a month-long head start. Attacks against the bug, tracked as CVE-2026-50751, began on May 7, according to Check Point VP of research Lotem Finkelstein, and picked up in early June. The security software vendor spotted suspicious activity and began investigating the zero-day on June...
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products. Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform. The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges.
Palo Alto VPN bug graduates from advisory to active exploitation
Palo Alto customers are being told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access. The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations. Palo Alto disclosed the bug on May 13 and initially assigned it a medium-severity rating, saying it was aware of attempts to exploit it but had not...