AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...

PgBouncer buffer overflow in SCRAM

...

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail – CVE-2026-31431 Examples of PoCs and payloads for...

Before the Breach, There Was a Test Environment

Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents

AI agents are increasingly deployed across diverse domains to automate complex workflows through long-horizon and high-stakes action executions. Due to their high capability and flexibility, such agents raise significant security and safety concerns. A growing number of real-world incidents have...

PT-2026-38297

Name of the Vulnerable Software and Affected Versions Scramble versions 0.13.2 through 0.13.21 Description When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation. This can le...

Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards

Effective security logging is crucial for the timely and accurate detection of cyber threats; however, the relative effectiveness of various industry-standard logging frameworks remains understudied. This paper addresses this critical gap by presenting the first systematic evaluation of modern...

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability

The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...

Practical Package Security: The Unofficial Guide

Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early...

cve-deep-dive

Report Bug · Request Feature Table of Contents a...

KingsGuard: Enclave Data Protection under Real-World TEE Vulnerabilities

Trusted Execution Environments TEEs have emerged as a cornerstone for securing sensitive computations by providing isolated enclaves protected from untrusted software. However, their security guarantees are undermined by vulnerabilities in both the enclave code and the underlying hardware design,...

Medium: cifs-utils

Issue Overview: A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentia...

Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1597 advisory. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Thi...

EUVD-2026-26053

GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group XDG data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where...

EUVD-2026-26012

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

The Security Cost of Intelligence: AI Capability, Cyber Risk, and Deployment Paradox

Firms are deploying more capable AI systems, but organizational controls often have not kept pace. These systems can generate greater productivity gains, but high-value uses require broader authority exposure -- data access, workflow integration, and delegated authority -- when governance control...

EUVD-2026-24988

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

GHSA-HX6P-XPX3-JVVV vulnerabilities

Vulnerabilities for packages: yara-x, wizer, zed, wasmcloud...