3543 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the conditional judgment in the AMD display driver’s dcn401inithw function. This judgment does no...
GPAC 资源管理错误漏洞
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contain a resource management vulnerability. This vulnerability arises from the function sidxboxread in the file src/isomedia/boxcodebase.c, which involves resource allocation and requires a local...
Gray-Box Poisoning of Continuous Malware Ingestion Pipelines
Modern malware detection pipelines rely on continuous data ingestion and machine learning to counter the high volume of novel threats. This work investigates a realistic gray-box poisoning threat model targeting these pipelines. Using the secmlmalware framework, we generate problem-space...
Black_Box-Penetration-Testing
BlackBox-Penetration-Testing Black-box penetration test again...
EUVD-2023-60574
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...
CVE-2023-54349
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...
PT-2026-37004
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...
AmazCart CMS 跨站脚本漏洞
AmazCart CMS is an e-commerce content management system developed by the AmazCart company. Version 3.4 of AmazCart CMS has a cross-site scripting vulnerability. This vulnerability stems from a reflective cross-site scripting flaw, allowing unauthenticated attackers to inject malicious scripts...
CVE-2026-3120
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...
Attention Is Where You Attack
Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...
Secret Stealing Attacks on Local LLM Fine-Tuning through Supply-Chain Model Code Backdoors
Local fine-tuning datasets routinely contain sensitive secrets such as API keys, personal identifiers, and financial records. Although ''local offline fine-tuning'' is often viewed as a privacy boundary, we reveal that compromised model code is sufficient to steal them. Current passive...
EUVD-2026-25873
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...
CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...
CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...
GPAC 缓冲区错误漏洞
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC such as 26.03-DEV-rev105-g8f39a1eb3-master and earlier have a buffer error vulnerability. This vulnerability stems from the function elngboxread in the MP4Box component’s file src/isomedia/boxcodebase.c, which process...
PT-2026-35423
https://t.co/pupgsVuh70 CVE-2026-39468 meta-box CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...
PT-2026-35448
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng box read of the file src/isomedia/box code base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The...
security-audit
security-audit A Claude Code skill + plugin marketplace for a...
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...