EUVD-2026-25201

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

CVE-2026-41564

CVE-2026-41564 concerns CryptX for Perl before 0.088, where per-object PRNG state seeded in Crypt::PK::* constructors is not reseeded after fork. A Crypt::PK::* object created before a fork can be inherited by multiple child processes with byte-identical PRNG state, enabling identical outputs in ...

📄 Keras 3.13.0 HDF5 Shape Bomb Denial of Service

This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras model archives containing artificially declared extremely large tensor shapes designed to force excessive memory allocation during...

Keras 3.13.0 Bulk Generator for Large-Scale HDF5 Shape Test Models

This script is a parallel batch generator designed to create multiple .keras model files using a thread pool. Each file is generated with a predefined set of large tensor shapes intended for stress testing or memory-impact evaluation in HDF5/Keras workflows...

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41673 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41673 Source advisory:...

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41674 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41674 Source advisory:...

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41672 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41672 Source advisory:...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013795 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The...

DNG File Generator for Security Testing Masked RGB Tables

This Python script is a research-oriented DNG Digital Negative file generator designed to build a specially crafted image file with controlled metadata structures for security testing of DNG processing engines...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013302 advisory. The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, a...

Exploit for CVE-2026-3462

CVE-2026-3462 Acrobat Reader | Improperly Controlled Modifica...

cap-exploit-poc

cap-exploit-poc This repository contai...

dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)

dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...

dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)

dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540567...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

CORScanner

CORS Exploiter Automated CORS misconfiguration scanner with...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

Malicious Package

Overview viewer-assets-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...