PT-2026-34120

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006999 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010704 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweightentity Syzbot found a GPF in reweightentity. This has been...

PT-2026-34037

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006933 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...

PT-2026-34108

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011273 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage threadstruct's s12 may contain random kernel memory...

Oracle Agile Product Lifecycle Management for Process 安全漏洞

Oracle Agile Product Lifecycle Management for Process is a product lifecycle management system designed for the process industry by Oracle Corporation. Version 6.2.4 of Oracle Agile Product Lifecycle Management for Process contains a security vulnerability. This vulnerability stems from issues wi...

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011393 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2,...

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

Enhancing Anomaly-Based Intrusion Detection Systems with Process Mining

Anomaly-based Intrusion Detection Systems IDSs ensure protection against malicious attacks on networked systems. While deep learning-based IDSs achieve effective performance, their limited trustworthiness due to black-box architectures remains a critical constraint. Despite existing explainable...

PT-2026-33712

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function process audio block of the file src/agentscope/agent/ agent base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the...

PT-2026-33862

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing By Prashanth A N and Mallikarjun Wali · April 20, 2026 PureRAT is an advanced remote access trojan RAT characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerabilit...

OESA-2026-1914 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

OESA-2026-1911 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

SUSE CVE-2026-6304

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...