CVE-2026-49185

The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...

CVE-2026-49185 Instruction Injection via FieldX MDM

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVE-2026-46082

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a UD when EFER.SVME is not set. Add a check to properly inject UD when EFER.SVME=0. sean: tag for stable@...

Linux Distros Unpatched Vulnerability : CVE-2026-41675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 an...

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2020-10878)

Perl before 5.30.3 has an integer overflow related to mishandling of a PLregkindOPn == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. This plugin only works with Tenable.ot. Please visit...

EUVD-2020-3284

Malware in sbrugna...

EUVD-2023-34956

Malicious code in bioql PyPI...

CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data...

Rocky Linux 8 : perl (RLSA-2021:1678)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1678 advisory. - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

Indirect Instruction Injection in Multi-Modal LLMs

Interesting research: "Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs": Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding t...

UBUNTU-CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data...

PT-2023-22796 · Apache +1 · Apache Guacamole +1

Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 1.5.1 and older Description: The issue arises from incorrect calculations of instruction element lengths during the Guacamole protocol handshake. This could allow an attacker to inject Guacamole instructions through...

K40508224: Perl vulnerability CVE-2020-10878

Security Advisory Description Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. CVE-2020-10878 Impact An attacker may be able to...

SUSE CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

AlmaLinux 8 : perl (ALSA-2021:1678)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1678 advisory. - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

NewStart CGSL MAIN 6.02 : perl Multiple Vulnerabilities (NS-SA-2021-0134)

The remote NewStart CGSL host, running version MAIN 6.02, has perl packages installed that are affected by multiple vulnerabilities: - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. CVE-2020-10543 ...

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

Oracle Linux 8 : perl (ELSA-2021-1678)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1678 advisory. - Fix CVE-2020-10543 bug 1839273 - Fix CVE-2020-10878 bug 1839276 Tenable has extracted the preceding description block directly from the Oracle Linux...

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...