11947 matches found

OSV
added 2026/04/13 6:28 p.m. | 8 views

SUSE-SU-2026:21123-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-38542: RDMA/manaib: boundary check before installing cq callbacks bsc1226591. - CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in...

8.8 CVSS | 6.2 AI score | 0.00812 EPSS
Exploits: 3 | References: 144

Tenable Nessus
added 2026/04/13 12:0 a.m. | 2 views

Amazon Linux 2023 : libde265, libde265-devel (ALAS2023-2026-1585)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1585 advisory. libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. Th...

8.7 CVSS | 5.8 AI score | 0.00349 EPSS
Exploits: 2 | References: 6

Packet Storm News
added 2026/04/11 12:0 a.m. | 4 views

Organizational Security Resource Estimation Via Vulnerability Queueing

We provide an approach that closely estimates an organization's cyber resources directly from vulnerability timestamps, using a non-stationary queueing framework. Traditional attack-surface metrics operate on static snapshots, ignoring the core attack-defense dynamics within information systems,...

5.8 AI score
Exploits: 0

IBM Security Bulletins
added 2026/04/10 6:3 a.m. | 9 views

Security Bulletin: Segmentation Fault Vulnerability in Rust time crate on Unix Systems (v0.2.7–v0.2.22) affects watsonx.data

Summary: A vulnerability in the Rust time crate v0.2.7–v0.2.22 can cause segmentation faults on Unix-like systems when environment variables are set from a different thread. Windows and WebAssembly targets are unaffected. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2020-26235...

5.3 CVSS | 6 AI score | 0.01881 EPSS
Exploits: 0 | Affected Software: 1

CVE
added 2026/04/09 6:38 p.m. | 10 views

CVE-2026-34944

Wasmtime (WebAssembly runtime) prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 on x86-64 with SSE3 disabled could compile f64x2.splat via Cranelift in a way that loads 8 extra bytes. When signals-based traps are disabled this may cause an uncaught segfault from unmapped guard pages. With gua...

5.7 CVSS | 5.9 AI score | 0.00227 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm News
added 2026/04/09 12:0 a.m. | 1 views

Why Network Segmentation Projects Fail

Network segmentation is a foundational enterprise security control. Despite its recognized benefits, segmentation initiatives frequently fail in practice, and the field lacks a systematic empirical explanation for why these projects do not achieve their intended outcomes. This paper presents an...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31719

Name of the Vulnerable Software and Affected Versions: versions not specified. Description: A remote attacker with low privileges can manipulate Modbus register values used in odorant injection logic, potentially causing over or under-injection of odorant into a gas line. Attackers have exploited th...

8.6 CVSS | 5.8 AI score | 0.00448 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2026/04/09 12:0 a.m. | 2 views

RHEL 10 : libtiff (RHSA-2026:7304)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7304 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Segment fault in...

7.5 CVSS | 5.9 AI score | 0.02187 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/07 10:55 p.m. | 2 views

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure...

7.8 CVSS | 5.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/07 6:25 a.m. | 2 views

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure...

7.8 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/06 3:27 a.m. | 3 views

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure...

7.8 CVSS | 5.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

OSV
added 2026/04/03 1:34 p.m. | 5 views

CLSA-2026-1775148022 binutils: Fix of 3 CVEs

CVE-2025-66862: fix heap-buffer-overflow in gnuspecial in cplus-dem.c - CVE-2025-66863: fix SEGV in ddiscriminator in cp-demangle.c - CVE-2025-66865: fix stack overflow in dprintcomp in cp-demangle.c...

7.5 CVSS | 6.1 AI score | 0.00323 EPSS
Exploits: 3 | References: 1

CloudLinux
added 2026/04/03 1:34 p.m. | 8 views

binutils: Fix of 3 CVEs

CVE-2025-66862: fix heap-buffer-overflow in gnuspecial in cplus-dem.c - CVE-2025-66863: fix SEGV in ddiscriminator in cp-demangle.c - CVE-2025-66865: fix stack overflow in dprintcomp in cp-demangle.c...

7.5 CVSS | 5.8 AI score | 0.00323 EPSS
Exploits: 3

RedHat Linux
added 2026/04/02 10:31 p.m. | 4 views

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure...

7.8 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/02 10:8 p.m. | 4 views

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure...

7.8 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

Packet Storm News
added 2026/04/02 12:0 a.m. | 2 views

AgentWatcher: A Rule-Based Prompt Injection Monitor

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: (1) their effectiveness degrades significantly as context length increases, and (2) they lack...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/04/01 11:1 p.m. | 6 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 1 | References: 1

NVD
added 2026/03/31 10:16 p.m. | 9 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2 CVSS | 0.00156 EPSS
Exploits: 1 | References: 3

Cvelist
added 2026/03/31 9:58 p.m. | 20 views

CVE-2026-34535 iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2 CVSS | 0.00156 EPSS
Exploits: 1 | References: 3

CVE
added 2026/03/31 9:58 p.m. | 15 views

CVE-2026-34535

iccDEV is affected by CVE-2026-34535 prior to version 2.3.1.6. A crafted ICC profile can trigger a segmentation fault in CIccTagArray::Cleanup(), observable under UBSan/ASan as misaligned member access and misaligned pointer loads followed by an invalid read, causing a process crash when running ...

6.2 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 1 | References: 3 | Affected Software: 1