Label-Efficient Training Updates for Malware Detection over Time

Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 . The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

Linux Distros Unpatched Vulnerability : CVE-2026-27876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in...

Exploit for Code Injection in Openwebui Open_Webui

CVE-2026-0766: OpenWebUI Remote Code Execution Educational...

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format VCF and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

[SECURITY] Fedora 44 Update: bcftools-1.23.1-1.fc44

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format VCF and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

CVE-2026-27880

A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service DoS for the affected service. Mitigation...

CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...

CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...

EUVD-2026-16872

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...

Server-side Request Forgery (SSRF)

Overview @clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the clerkFrontendApiProxy function. An attacker can obtain secret keys by crafting a request path that...

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the querycollectionhandler function. An attacker can access other users' private documents, metadata, and personal memories by submitting crafted requests t...

Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Summary Any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection Details Vulnerability 1: Missing authorization in collection querying In backend/openwebui/routers/retrieval.py, the querycollectionhandler function accepts a list of collectionnames but...

EUVD-2026-16598

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...