PT-2026-41011

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code understanding, but reliable detection still requires grounding ...

EUVD-2026-29963

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVE-2026-34019

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVE-2026-34019

CVE-2026-34019 affects F5 BIG-IP when BFD is enabled with Static/Dynamic routing; crafted traffic can cause TMM to stop processing BFD and trigger routing protocol failover. Impact: DoS to the configured routing protocol (data plane issue). Remediation per F5 advisory K000150508: disclose vulnera...

CVE-2026-34019 BIG-IP BFD vulnerability

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

CVE-2026-34019

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

CVE-2026-34019 BIG-IP BFD vulnerability

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.95.0-5.hum1 aarch64, x8664 clippy-1.95.0-5.hum1 aarch64, x8664 rust-1.95.0-5.hum1 aarch64, x8664 rust-analyzer-1.95.0-5.hum1 aarch64, x8664 rust-debugger-common-1.95.0-5.hum1 noarch...

Security Incentivization: An Empirical Study of How Micropayments Impact Code Security

Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates...

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers format, written entirely in JavaScript. It supports Node.js and browsers running TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files! Versions of protobuf.js prior to 1.2.1 and 2.0.2 had...

PT-2026-40637

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3 F5 BIG-IP versions prior to 17.5.1 Description When Bidirectional Forwarding Detection BFD, a network protocol used to quickly detect faults in the bidirectional path between two forwarding engines, is...

angr 9.2.215

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

NPM: protobuf.js: Code injection in pbjs static output from crafted schema names

NPM: protobuf.js: Code injection in pbjs static output from crafted schema names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.2.0...

protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...

GHSA-6R35-46G8-JCW9 protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...