192025 matches found

Packet Storm News
added 2026/05/11 12:0 a.m., 4 views

When Prompts Become Payloads: A Framework for Mitigating SQL Injection Attacks in Large Language Model-Driven Applications

Natural language interfaces to structured databases are becoming increasingly common, largely due to advances in large language models (LLMs) that enable users to query data using conversational input rather than formal query languages such as SQL. While this paradigm significantly improves usabili...

AI score: 5.9
Exploits: 0

Tenable Nessus
added 2026/05/11 12:0 a.m., 5 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

CVSS: 7.1, AI score: 6.7, EPSS: 0.02192
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 7 views

Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-017546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017546 advisory. Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Tenable has extracted the preceding description block directly from t...

CVSS: 5.9, AI score: 5.8, EPSS: 0.0214
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

MiracleLinux 8 : corosync-3.1.8-1.el8_10.1 (AXSA:2026-593:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-593:02 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00994
Exploits: 2, References: 3

Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017763 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

CVSS: 6.8, AI score: 6.7, EPSS: 0.01795
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017729 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

CVSS: 6.8, AI score: 5.8, EPSS: 0.01908
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 7 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017441 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

CVSS: 5.5, AI score: 5.8, EPSS: 0.01579
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the...

CVSS: 6.3, AI score: 5, EPSS: 0.00217
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 5 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017678 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior...

CVSS: 4.9, AI score: 6.7, EPSS: 0.04643
Exploits: 0, References: 4

Packet Storm News
added 2026/05/11 12:0 a.m., 11 views

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI (GenAI) can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

AI score: 5.8
Exploits: 0

Cvelist
added 2026/05/10 11:45 p.m., 49 views

CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

CVSS: 4.8, EPSS: 0.00253
Exploits: 0, References: 4

Vulnrichment
added 2026/05/10 11:30 p.m., 6 views

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

CVSS: 4.8, AI score: 4.2, EPSS: 0.00202
Exploits: 0, References: 4

Cvelist
added 2026/05/10 10:15 p.m., 33 views

CVE-2026-8248 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may b...

CVSS: 5.3, EPSS: 0.00471
Exploits: 1, References: 5

EUVD
added 2026/05/10 3:31 p.m., 54 views

EUVD-2021-34809

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00533
Exploits: 0, References: 5

NVD
added 2026/05/10 1:16 p.m., 8 views

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS: 8.8, EPSS: 0.00533
Exploits: 0, References: 4

Vulnrichment
added 2026/05/10 12:52 p.m., 6 views

CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00126
Exploits: 0, References: 2

CVE
added 2026/05/10 12:52 p.m., 8 views

CVE-2021-47953

OpenCart 3.0.3.7 is affected by a cross-site request forgery (CSRF) vulnerability in the account/password endpoint. An attacker can lure an authenticated user into submitting a hidden form with new password values (password and confirm), enabling account takeover. The vulnerability is documented ...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00126
Exploits: 0, References: 2

Vulnrichment
added 2026/05/10 12:52 p.m., 5 views

CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00533
Exploits: 0, References: 4

Cvelist
added 2026/05/10 12:52 p.m., 27 views

CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS: 8.8, EPSS: 0.00533
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/10 12:52 p.m., 6 views

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00533
Exploits: 0, References: 4, Affected Software: 1