PT-2026-42695

Impact - Key: challenger/src/multi field challenger.rs | MultiField32Challenger::duplexing | transcript malleability - Affected files: challenger/src/multi field challenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed...

Malicious code in ethers-wallet-packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...

Toward Securing AI Agents like Operating Systems

Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...

SUSE CVE-2014-0598

Directory traversal vulnerability in iPrint in Novell Open Enterprise Server OES 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors...

AI Native Asset Intelligence

Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...

On the Security of Research Artifacts

Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is an open source relational database management system for storing, managing and retrieving data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: Optimizer component to properly handle a specific request a...

📄 Microsoft Malware Protection Engine Type Confusion

Microsoft Malware Protection Engine type confusion vulnerability proof of concept exploit for an older vulnerability from 2017. ================================================================================================================================== | Title : Microsoft Malware Protection...

You have to invite them in

Welcome to this week's edition of the Threat Source newsletter. I found myself watching the Oscars ceremony in its entirety for the first time in a few years. I'm in the U.K., so I watched it the following day. With next week's Year in Review launch looming and several pieces of content still to...

Poisoning the Pixels: Revisiting Backdoor Attacks on Semantic Segmentation

Semantic segmentation models are widely deployed in safety-critical applications such as autonomous driving, yet their vulnerability to backdoor attacks remains largely underexplored. Prior segmentation backdoor studies transfer threat settings from existing image classification tasks, focusing...

Improved Leakage Abuse Attacks in Searchable Symmetric Encryption with EBPF Monitoring

Searchable Symmetric Encryption SSE allows users to search over encrypted data stored on untrusted servers, like cloud providers. While SSE hides the content of queries and documents, it still leaks patterns, such as how often a query is made. These leakages have been shown to enable leakage abus...

Robust Vision Systems for Connected and Autonomous Vehicles: Security Challenges and Attack Vectors

This article investigates the robustness of vision systems in Connected and Autonomous Vehicles CAVs, which is critical for developing Level-5 autonomous driving capabilities. Safe and reliable CAV navigation undeniably depends on robust vision systems that enable accurate detection of objects,...

PT-2026-5724

Name of the Vulnerable Software and Affected Versions OpenList versions prior to 4.1.10 Description The OpenList application disables TLS certificate verification by default for all outgoing storage driver communications, creating a risk of Man-in-the-Middle MitM attacks. This allows attackers to...

CVE-2026-23876 Heap buffer overflow with attacker-controlled data in XBM parser

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.AXS4 (AXSA:2013-99:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-99:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0424 Unspecified vulnerability in the Java Runtime Environment JRE...

CVE-2009-4740

Directory traversal vulnerability in the Webesse E-Card wsecard extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors...

CVE-2010-0612

Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights...

CVE-2007-4147

Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to 1 ALSANITIZE and 2 "Calling the constructor to make sure things are checked, safe mode, etc."...

CVE-2008-7230

Unspecified vulnerability in Small Footprint CIM Broker SFCB before 1.2.5 has unknown impact and attack vectors...

CVE-2008-6110

Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php...