EUVD-2026-38982

In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perfallowkernel from the IBS NMI handler Calling perfallowkernel from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event-hw.flags,...

CVE-2026-54235

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in setsampfreq Avoid division by zero when the sampling frequency is not specified...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed the issue with sample generation versus doexit. Baisheng Gao reported a crash in ARM64 mode. Mark interpreted this as a synchronous external abort—most likely due to attempting to access MMIO in a faulty way. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Set buffer sampling frequency for accelerometer only The stlsm6dsxhwfifoodrstore function, which is called when the user space writes the buffer sampling frequency sysfs attribute, calls stlsm6dsxcheckodr. Th...

Improper Validation of Specified Type of Input

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of the temperature parameter while sampling. An attacker can cause the...

CVE-2026-44223

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

SUSE SLES15 Security Update : xen (SUSE-SU-2026:2102-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2102-1 advisory. This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053...

SUSE SLES12 Security Update : xen (SUSE-SU-2026:2066-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2066-1 advisory. This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. -...

SUSE-SU-2026:2102-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

Evolving Skill-Structured Attack Memory Enhances LLM Jailbreaking

Jailbreak attacks on large language models LLMs aim to induce LLMs to produce content that they are expected to refuse. Automated black-box jailbreak generation is especially important for safety evaluation, where the attacker observes only model outputs and needs to automatically search for...

Security update for xen

This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...

SUSE-SU-2026:2066-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection

Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...

Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling

Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...

Fedora 42 : xen (2026-0c9aff64a5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c9aff64a5 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

SUSE CVE-2026-43354

In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in setsampfreq Avoid division by zero when sampling frequency is unspecified...

PYSEC-2026-145

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...