1396 matches found
SUSE-SU-2026:0896-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix...
FreeRDP Numeric Error Vulnerability
FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained a numerical error vulnerability. This vulnerability occurred when nBlockAlign was set to 0, resulting in a zero overflow error in the MS-ADPCM and IMA-ADP...
From Shadow Models to Audit-Ready AI Security: A Practical Path with Qualys TotalAI
Key Takeaways: AI security demands a paradigm shift, treating models, endpoints, and integrations as dynamic attack surfaces requiring continuous governance. Inventory-driven visibility is foundational to managing AI sprawl, uncovering hidden assets, and aligning security with innovation velocity...
Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation
Advanced Persistent Threats (APTs) evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...
CVE-2026-21385
Memory corruption while using alignments for memory allocation...
CVE-2026-21385
Memory corruption while using alignments for memory allocation...
EUVD-2026-9202
Memory corruption while using alignments for memory allocation...
CVE-2026-21385 Integer Overflow or Wraparound in Graphics
Memory corruption while using alignments for memory allocation...
CVE-2026-21385 Integer Overflow or Wraparound in Graphics
Memory corruption while using alignments for memory allocation...
CVE-2026-21385
Memory corruption while using alignments for memory allocation...
CVE-2026-21385
CVE-2026-21385 is a memory corruption vulnerability in the Qualcomm Display component (graphics) used by Qualcomm chipsets, caused by memory alignment handling during allocation. Exploitation has been observed in the wild in a limited, targeted manner, with attackers able to push malicious data t...
CLSA-2026-1772463357 glibc: Fix of CVE-2026-0861
CVE-2026-0861: fix alignment overflow in memalign/posix_memalign/aligned_alloc that could lead to heap corruption...
VulnCheck KEV: CVE-2026-21385
Memory corruption while using alignments for memory allocation...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, and these vulnerabilities stem from memory corruption that occurs during memory allocation using alignment techniques...
CVE-2026-27015 FreeRDP: Smartcard NDR Alignment Padding Triggers Reachable WINPR_ASSERT Abort (Client DoS)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcard_unpack_read_size_align (libfreerdp/utils/smartcard_pack.c:1703) allows a malicious RDP server to crash the FreeRDP client via a reachable WINPR_ASSERT → abort. The crash occurs in...
Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative
Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs...
Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
Summary: Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...
CIBER: A Comprehensive Benchmark for Security Evaluation of Code Interpreter Agents
LLM-based code interpreter agents are increasingly deployed in critical workflows, yet their robustness against risks introduced by their code execution capabilities remains underexplored. Existing benchmarks are limited to static datasets or simulated environments, failing to capture the securit...
wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
...
SUSE CVE-2025-71229
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon(). rtw_core_enable_beacon() reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems. Do 1 byte reads/writes instead. Unable to handle kern...