
192065 matches found

Tenable Nessus
added 2026/04/23 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and...

CVSS 4.9 | AI score 6.7 | EPSS 0.00323
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/23 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0...

CVSS 4.9 | AI score 6.8 | EPSS 0.00323
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/23 12:0 a.m. | 2 views

PT-2026-34591

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math equal of the file prime math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

CVSS 6.3 | AI score 5.2 | EPSS 0.00266
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/23 12:0 a.m. | 4 views

PT-2026-34722

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code verifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00259
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | 2 views

PT-2026-34758

Name of the Vulnerable Software and Affected Versions: Microsoft Power Apps (affected versions not specified). Description: An uncontrolled search path element allows an unauthorized attacker to execute code over a network. Recommendations: At the moment, there is no information about a newer version...

CVSS 8 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/23 12:0 a.m. | 2 views

PT-2026-34764

OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...

CVSS 6.3 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 5

Packet Storm News
added 2026/04/23 12:0 a.m. | 3 views

Joern 4.0.526

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

AI score 5.8
Exploits: 0

Packet Storm News
added 2026/04/23 12:0 a.m. | 0 views

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

AI score 5.3
Exploits: 0

CVE
added 2026/04/23 12:0 a.m. | 4 views

CVE-2025-70994

CVE-2025-70994 affects Yadea T5 Electric Bicycles (models manufactured in/after 2024). The keyless-entry system uses the EV1527 fixed-code RF protocol without rolling codes or cryptographic challenge-response, enabling a local attacker who intercepts a legitimate fob transmission to perform a rep...

CVSS 7.3 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 2

CNNVD
added 2026/04/23 12:0 a.m. | 36 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.26 to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the system’s ability to execute pending pairing requests based on channel files rather than...

CVSS 7.5 | AI score 6 | EPSS 0.00417
Exploits: 0 | References: 1

CNNVD
added 2026/04/23 12:0 a.m. | 6 views

Yadea T5 Electric Bicycles Security Vulnerability

Yadea T5 Electric Bicycles is a lightweight electric bicycle designed for urban commuting by Yadea Company. The Yadea T5 Electric Bicycles have a security vulnerability, which stems from a weak authentication mechanism in the keyless entry system. By using the fixed code RF protocol, local...

CVSS 7.3 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 1

Snyk
added 2026/04/23 12:0 a.m. | 8 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack due to insecure handling of Process ID (PID) files. When an application uses the ApplicationPidFileWriter, it writes its PID to a predictable file system path. A local attacker with write access to the PID file's directory...

CVSS 6.7 | AI score 5.4 | EPSS 0.00112
Exploits: 0 | References: 2

Snyk
added 2026/04/23 12:0 a.m. | 3 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack in DevTool due to comparing the user-provided "remote secret" against the actual secret using standard string comparison logic like String.equals or ==. Standard string comparisons are not constant-time. They evaluate...

CVSS 7.7 | AI score 5.5 | EPSS 0.00281
Exploits: 0 | References: 2

UbuntuCve
added 2026/04/22 10:16 p.m. | 2 views

CVE-2026-41313

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...

CVSS 6.5 | AI score 5.7 | EPSS 0.00214
Exploits: 0 | References: 3

OSV
added 2026/04/22 9:48 p.m. | 2 views

SUSE-SU-2026:21382-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks bsc1262184...

CVSS 8.7 | AI score 5.3 | EPSS 0.00485
Exploits: 0 | References: 3

GithubExploit
added 2026/04/22 9:29 p.m. | 77 views

Exploit for Improper Input Validation in Microsoft

Overview: Python exploit for CVE-2026-32201 - improper input va...

CVSS 6.5 | AI score 5.7 | EPSS 0.24172
Exploits: 1

NVD
added 2026/04/22 9:17 p.m. | 2 views

CVE-2026-40937

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any...

CVSS 8.3 | EPSS 0.00293
Exploits: 0 | References: 2

Snyk
added 2026/04/22 8:32 p.m. | 7 views

Origin Validation Error

Overview: locize adds the incontext editor to your i18next setup. Affected versions of this package are vulnerable to Origin Validation Error in the window.addEventListener message handler due to missing validation of the event.origin property. An attacker can execute arbitrary...

CVSS 7.5 | AI score 6 | EPSS 0.00101
Exploits: 0 | References: 3

Cvelist
added 2026/04/22 7:55 p.m. | 25 views

CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set new_voting_key=Some(...) while omitting new_proof_of_knowledge. This skips the proof-of-knowledge requirement that is...

CVSS 6.8 | EPSS 0.00201
Exploits: 0 | References: 4

CVE
added 2026/04/22 7:55 p.m. | 36 views

CVE-2026-34068

Summary (CVE-2026-34068) Nimiq-transaction’s staking contract (Rust) prior to v1.3.0 accepts UpdateValidator transactions that set new_voting_key=Some(...) without including new_proof_of_knowledge, bypassing the PoK requirement used to prevent BLS rogue-key attacks in aggregated signatures. Since...

CVSS 6.8 | AI score 5.7 | EPSS 0.00201
Exploits: 0 | References: 4 | Affected Software: 1