PT-2026-43416

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released ...

BAIT: Boundary-Guided Disclosure Escalation Via Self-Conditioned Reasoning

In this work, we propose BAIT Boundary-Aware Iterative Trap, a three-step jailbreak framework that approaches malicious goals through internal disclosure. BAIT first asks the model to identify the protection boundary, then requires it to refine that boundary, and finally requests a detailed...

CVE-2025-68710

Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...

Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems

Cyber-Physical Systems CPS integrate sensing, communication, computation, and control to support critical infrastructure, including smart grids, industrial automation, and control systems. In the electrical utility domain, various controllers are used in CPS to ensure the system detects and...

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

Bitsery 安全漏洞

Bitsery is a C++ binary serialization library developed by Mindaugas Vinkelis. Versions of Bitsery 5.2.4 and earlier contained a security vulnerability. This vulnerability stemmed from improper validation of specified input types in the loadFromSharedState function within the...

Snipe-IT 输入验证错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...

CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

Linux Distros Unpatched Vulnerability : CVE-2026-42502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: amazon-ecr-credential-helper

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

Malicious code in bandkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687dcebaf30461a2325de226851b84abfb6db6359a12c9392ece9c5ff02a620d bandkit ships a React component BandPanel that, when rendered without an explicit strategyWalletAddress prop — the configuration shown in the package...

CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

EUVD-2026-31762

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

EUVD-2026-31745

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...