3716 matches found
CVE-2026-53069 net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master
In the Linux kernel, the following vulnerability has been resolved: net, bpf: fix null-ptr-deref in xdpmasterredirect for down master syzkaller reported a kernel panic in bondrrgenslaveid reached via xdpmasterredirect. Full decoded trace: https://syzkaller.appspot.com/bug?extid=80e046b8da2820b6ba...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the stackmap overflow check in bpfgetstackid Syzkaller reported a KASAN vulnerability related to out-of-bounds write operations in bpfgetstackid, when copying stack trace data. This issue occurs when the perf trace...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: Fixed a heap buffer overflow in ioam6fillTraceData. In the receive path, ioam6fillTraceData uses trace-nodelen to determine how much data to write for each node. It relies on this field directly from the incoming...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fixed a crash in perf when using the new isusertask helper. To obtain a user space stacktrace, the current task must be a user task that has executed in user space. It was previously possible to determine whether a...
PT-2026-51963
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference exists in the xdp master redirect function. This occurs when the function attempts to call the master's ndo xdp get xmit slave while the master device is not u...
CVE-2026-12823
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...
CVE-2026-12823 Browserbase Skills Autobrowse Trace Artifact default permission
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...
CVE-2026-12823 Browserbase Skills Autobrowse Trace Artifact default permission
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...
CVE-2026-12823
Technical details about CVE-2026-12823 (affected product, vulnerable component, impact, remediation) are not publicly provided in the supplied documents. Monitor for updates.
PT-2026-51265
Name of the Vulnerable Software and Affected Versions Browserbase versions prior to 20260526 Description An issue exists in the Autobrowse Trace Artifact Handler component where a flaw in an unknown function allows for the manipulation of default permissions, resulting in incorrect permission...
ghidra-12.1.2-rce-ace-calc-poc
Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...
GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read
Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...
GHSA-GX93-M64W-5M6H Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering
Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...
PT-2026-55945
Name of the Vulnerable Software and Affected Versions LangSmith Client SDKs versions prior to 0.8.18 Description An issue exists in the TracingMiddleware where an attacker can send an HTTP request to a server to force the reading of an arbitrary file from the local filesystem. The contents of the...
GHSA-W5CV-PW74-4RXC opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication
githubreceiver Silently Ignores Configured requiredheaders Authentication Summary The githubreceiver webhook handler does not enforce the requiredheaders configuration. Headers are validated at startup config rejects empty keys/values but never checked on incoming requests. This follows the same...
Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security
Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...
CVE-2025-52611
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...
CVE-2026-41004
A flaw was found in Spring Cloud Config Server. When trace logging is enabled, sensitive information is inadvertently written in plain text to the logs. A highly privileged local user could exploit this vulnerability to gain unauthorized access to confidential data, leading to information...
CVE-2026-2652
A flaw was found in mlflow. When the mlflow server is configured with basic authentication and served via uvicorn, an architectural mismatch in the FastAPI permission middleware allows unauthenticated remote attackers to bypass authentication on specific routes. This bypass enables attackers to...
EUVD-2025-210059
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...