CVE-2026-53674

CVE-2026-53674 affects BuddyPress 14.4.0. A regular expression injection in the activity mention resolver occurs when username compatibility mode is enabled, allowing an attacker to craft @mentions with regex metacharacters that pass esc_sql and are inserted into an unprepared REGEXP query on the...

CVE-2026-53674 BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

CVE-2026-53674 BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

PT-2026-48336

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

PT-2026-48313

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

A Bayesian Network Approach for Enhancing Security-Focused Decision Support Systems

The adoption and integration of heterogeneous stacks in most of today's open-source based networks brings clear benefits like interoperability and availability of advanced features. Yet, on the other hand the increasing number of interconnecting components and moving parts requires maintaining an...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via Query By Example QBE StringMatcher handling. An attacker can perform boolean-based blind data inference by supplying wildcard characters in externally controlled input used to populate a QBE probe. When...

Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cuda)

Red Hat AI Inference 3.4.1 cuda is now available. Red Hat AI Inference...

Important: Red Hat Security Advisory: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda)

Red Hat AI Inference Model Optimization Tools 3.4.1 cuda is now available. Red Hat AI Inference Model Optimization Tools...

Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (spyre)

Red Hat AI Inference 3.4.1 spyre is now available. Red Hat AI Inference...

Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cpu)

Red Hat AI Inference 3.4.1 cpu is now available. Red Hat AI Inference...

RadKey: An LLM-Guided RF Backscatter System for Through-Wall Keystroke Inference

In today's digitally connected world, keyboards remain the primary interface for inputting sensitive information, making them a persistent target for eavesdropping attacks. While prior keystroke inference techniques have exploited side-channel signals such as acoustics and vibrations, they...

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

CVE-2026-44223

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

CVE-2026-24214

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service...

CVE-2026-24173

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24210

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24209

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24207

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure...