1226 matches found
PT-2026-38941
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug exists in the Btrfs file system where the kernel may crash if the file system switches to read-only RO mode during a read-repair operation. This occurs when a critical error, such ...
Linux Distros Unpatched Vulnerability : CVE-2026-43299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: do not ASSERT when the fs flips RO inside btrfsrepairiofailure BUG There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flip...
Root-Cause-Driven Automated Vulnerability Repair
Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...
org.apache.atlas:atlas-catalog (>=0.8-incubating <=0.8.4), org.apache.atlas:atlas-index-repair-tool (>=2.2.0 <=2.4.0) +2 more potentially affected by CVE-2026-40563 via org.apache.atlas:atlas-repository (>=0.8-incubating <=2.4.0)
org.apache.atlas:atlas-repository MAVEN version =0.8-incubating, =0.8-incubating, =2.2.0, =0.8.3, =0.8-incubating, =2.4.0 Source cves: CVE-2026-40563 Source advisory: SNYK:JAVA-ORGAPACHEATLAS-16422860...
VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns
The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair AVR tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...
SUSE CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
Linux Distros Unpatched Vulnerability : CVE-2026-33608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to...
EUVD-2026-24945
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
DEBIAN-CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
CVE-2026-33608 Incomplete domain name sanitization during
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
CVE-2026-33608 Incomplete domain name sanitization during
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
PT-2026-34445
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...
Towards Secure Logging: Characterizing and Benchmarking Logging Code Security Issues with LLMs
Logging code plays an important role in software systems by recording key events and behaviors, which are essential for debugging and monitoring. However, insecure logging practices can inadvertently expose sensitive information or enable attacks such as log injection, posing serious threats to...
ARES: Adaptive Red-Teaming and End-To-End Repair of Policy-Reward System
Reinforcement Learning from Human Feedback RLHF is central to aligning Large Language Models LLMs, yet it introduces a critical vulnerability: an imperfect Reward Model RM can become a single point of failure when it fails to penalize unsafe behaviors. While existing red-teaming approaches...
Lenovo Software Fix 安全漏洞
Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification. This vulnerability may allow locally authenticated users to execute arbitrary code with elevated privileges...
CVE-2026-36947
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...
CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...