minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

CVE-2026-6152

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

PT-2026-32506

A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely...

PT-2026-32226

A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

PT-2026-32198

A vulnerability was determined in danielmiessler Personal AI Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...

Hardware-Efficient Compound IC Protection with Lightweight Cryptography

Over the years, many techniques have been introduced to protect integrated circuits ICs from hardware security threats that emerged in the globalized IC manufacturing supply chain, such as overproduction and piracy. However, most of these techniques have been rendered inefficient since they do no...

Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...

TEMPLATEFUZZ: Fine-Grained Chat Template Fuzzing for Jailbreaking and Red Teaming LLMs

Large Language Models LLMs are increasingly deployed across diverse domains, yet their vulnerability to jailbreak attacks, where adversarial inputs bypass safety mechanisms to elicit harmful outputs, poses significant security risks. While prior work has primarily focused on prompt injection...

PT-2026-32447

Name of the Vulnerable Software and Affected Versions uclouvain openjpeg versions prior to 2.5.5 Description An integer overflow occurs in the opj pi initialise encode function within the src/lib/openjp2/pi.c library. This issue requires local access to be exploited. Recommendations Install the...

VulnCheck KEV: CVE-2026-25187

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

VulnCheck KEV: CVE-2026-26127

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...

PT-2026-32284

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE ID leads to sql injection. The attack may be initiated remotely. The...

PT-2026-32260

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

PT-2026-32485

Name of the Vulnerable Software and Affected Versions AC800M System 800xA versions 6.0.0x through 6.0.0303.0 AC800M System 800xA versions 6.1.0x through 6.1.0031.0 AC800M System 800xA versions 6.1.1x through 6.1.1202.0 AC800M System 800xA versions 6.2.0x through 6.2.0006.0 Symphony Plus SD Series...

PT-2026-32274

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

PT-2026-32335

Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...