GHSA-HFFM-XVC3-VPRC vulnerabilities

Vulnerabilities for packages: renovate...

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

GHSA-WG65-39GG-5WFJ vulnerabilities

Vulnerabilities for packages: prometheus, minio...

CVE-2026-42151 vulnerabilities

Vulnerabilities for packages: prometheus, minio...

CVE-2026-32933 vulnerabilities

Vulnerabilities for packages: promitor...

GHSA-RVV3-G6HJ-G44X vulnerabilities

Vulnerabilities for packages: promitor...

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

Lessons from Penetration Tests on Large-Scale Agent Systems

As AI systems gain increasing autonomy and execution capability, the number of discovered security vulnerabilities continues to rise. However, many of these vulnerabilities are not fundamentally novel, but instead reflect recurring classes of weaknesses long observed in prior computing systems...

Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems

Cyber-Physical Systems CPS integrate sensing, communication, computation, and control to support critical infrastructure, including smart grids, industrial automation, and control systems. In the electrical utility domain, various controllers are used in CPS to ensure the system detects and...

Linux Distros Unpatched Vulnerability : CVE-2026-5091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison...

USN-8289-2: Linux kernel (NVIDIA) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

Malicious code in @gbrlxvii/ts-env-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a87c7356d89cd5eab9c271d10f1a74e288d09e5cf9333a9ee102ef8a532b31dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures

The rapid evolution of large language model LLM-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such...

Linux Distros Unpatched Vulnerability : CVE-2026-41149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1...

Linux Distros Unpatched Vulnerability : CVE-2026-32175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could writ...

Linux Distros Unpatched Vulnerability : CVE-2026-46597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. CVE-2026-46597 Note that Nessu...

Linux Distros Unpatched Vulnerability : CVE-2026-8631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of...