CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2026-34968

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-11413

CVE-2026-11413 affects JingDong JD Cloud Box AX6600 (version 4.5.3.r4546). The vulnerable component is the function set_macfilter in /sbin/jdcweb_rpc, whose manipulation triggers a stack-based buffer overflow. Exploitation is possible remotely and exploitation details have been publicly disclosed...

CVE-2026-11413 JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-11413 JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

PT-2026-47153

Name of the Vulnerable Software and Affected Versions JingDong JD Cloud Box AX6600 version 4.5.3.r4546 Description A stack-based buffer overflow occurs in the set macfilter function within the /sbin/jdcweb rpc file. This issue allows a remote attacker to initiate an attack by manipulating the...

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

CVE-2026-8124

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

EUVD-2026-34321

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

RedEdit: Agentic Red-Teaming of Image Safety Classifiers Via MCTS-Guided Photo-Editing

Image safety classifiers serve as a critical component of contemporary content moderation systems on the internet. However, their resilience against user-style malicious image editing remains underexplored. Such behaviors are highly prevalent in daily scenarios but difficult to fully reproduce. T...

UBUNTU-CVE-2025-55664

A heap buffer overflow in the m2tsdmxsendpacket function filters/dmxm2ts.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-60485

A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

MaskForge: Structure-Aware Adaptive Attacks for Jailbreaking Diffusion Large Language Models

Diffusion large language models dLLMs generate text by iteratively denoising partially masked sequences under bidirectional context, exposing a safety surface distinct from autoregressive LLMs. Because mask tokens are native inputs and tokens are committed by confidence rather than position,...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-41607 DESCRIPTION: Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which...

DEBIAN-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2026-45983

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...

PT-2026-44037

Name of the Vulnerable Software and Affected Versions GPAC MP4Box affected versions not specified Description A NULL pointer dereference occurs when parsing certain truncated MP4 files. An unknown or invalid stsd entry can lead to missing descriptor fields, such as codec, mime, or profile strings...

Evolving Skill-Structured Attack Memory Enhances LLM Jailbreaking

Jailbreak attacks on large language models LLMs aim to induce LLMs to produce content that they are expected to refuse. Automated black-box jailbreak generation is especially important for safety evaluation, where the attacker observes only model outputs and needs to automatically search for...

MonitorsFour-Write-UP

MonitorsFour-Write-UP Hack The Box MonitorsFour is an Easy-rat...