646 matches found
PT-2026-40841
Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...
EUVD-2026-29050
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
CVE-2026-8288 Open5GS SMF gsm-handler.c denial of service
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the...
Skill Description Deception Attack against Task Routing in Internet of Agents
A new paradigm, Internet of Agents IoA, is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced...
GHSA-GF5M-WCRH-7928 open-webui Vulnerable to Stored XSS via Model Description
!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...
open-webui Vulnerable to Stored XSS via Model Description
!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...
CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
PT-2026-38924
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: cadence-quadspi driver where a runtime PM Power Management disable operation in the probe function error paths can trigger duplicate clock disables. This occu...
YARA-X 1.16.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
MINI-726W-CPRX-PMV6
Bulletin has no description...
CVE-2026-2828
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
April 30, 2026—KB5083806 (OS Build 28000.1896) Preview
April 30, 2026—KB5083806 OS Build 28000.1896 Preview This non-security update for Windows 11, version 26H1 KB5083806, includes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and...
SUSE CVE-2026-41079
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...
Generation of Error Message Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...
CVE-2026-41134
Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...
CVE-2026-41079
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...
EUVD-2026-25574
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...
PT-2026-35029
Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions prior to 2.4.17 Description A network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend, leading to an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is convert...
OpenPrinting CUPS 缓冲区错误漏洞
OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. Versions of OpenPrinting CUPS prior to 2.4.17 contained a buffer overflow vulnerability. This vulnerability was exploited by network-related attackers w...