
192113 matches found

Tenable Nessus
added 2026/04/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change iterates all stations and accesses link->reserved.oper via...

CVSS 5.5 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/05 12:0 a.m. | 6 views

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to SQL injection. It is possible to initiate the attack remotel...

CVSS 6.5 | AI score 5.7 | EPSS 0.00246
Exploits: 0 | References: 6

Packet Storm News
added 2026/04/05 12:0 a.m. | 26 views

SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement

LLM-based agent systems increasingly rely on agent skills sourced from open registries to extend their capabilities, yet the openness of such ecosystems makes skills difficult to thoroughly vet. Existing attacks rely on injecting malicious instructions into skills, making them easily detectable b...

AI score 5.8
Exploits: 0

NVD
added 2026/04/04 11:16 p.m. | 4 views

CVE-2026-5526

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...

CVSS 9.8 | EPSS 0.00362
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/04 11:15 p.m. | 1 views

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key. It is possible t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 4

Cvelist
added 2026/04/04 11:15 p.m. | 25 views

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key. It is possible t...

CVSS 6.9 | EPSS 0.00435
Exploits: 0 | References: 4

CVE
added 2026/04/04 11:15 p.m. | 9 views

CVE-2026-5527

CVE-2026-5527 affects Tenda 4G03 Pro (versions 1.0/1.0re/01.bin/04.03.01.53). The issue resides in the ECDSA P-256 Private Key Handler, specifically the /etc/www/pem/server.key, where a hard-coded private key is used. This allows a remote attacker to exploit the vulnerability over the network wit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/04 10:24 p.m. | 3 views

MAL-2026-2489 Malicious code in databaserobooms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 193ce4e29885d967183910228ce00d02b4380d25ff1a9b342b1fb5b4c124e3ca During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0 | References: 9

RedhatCVE
added 2026/04/04 5:0 p.m. | 2 views

CVE-2026-5473

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVSS 7 | AI score 5 | EPSS 0.00223
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/04 5:0 p.m. | 1 views

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

CVSS 5.4 | AI score 4.4 | EPSS 0.00188
Exploits: 0 | References: 1

EUVD
added 2026/04/04 3:30 p.m. | 2 views

EUVD-2018-21738

Microsoft One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled...

CVSS 6.9 | AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 4

NVD
added 2026/04/04 2:16 p.m. | 2 views

CVE-2018-25243

FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation ...

CVSS 6.9 | EPSS 0.00123
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/04 1:51 p.m. | 2 views

CVE-2018-25253

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...

CVSS 6.9 | AI score 6.2 | EPSS 0.0018
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/04/04 4:59 a.m. | 4 views

CVE-2026-5453

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...

CVSS 4.8 | AI score 5.3 | EPSS 0.00141
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/04 4:59 a.m. | 5 views

CVE-2026-33105

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 5.9 | EPSS 0.0072
Exploits: 0 | References: 1

Snyk
added 2026/04/04 4:24 a.m. | 2 views

Prototype Pollution

Overview @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Prototype Pollution via the CBOR decoding process. An attacker can manipulate the prototype of decoded objects by supplying specially crafted map keys, such as __proto__, which can lead to...

CVSS 8.9 | AI score 6.4
Exploits: 0 | References: 2

Snyk
added 2026/04/04 1:21 a.m. | 2 views

Out-of-bounds Read

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Out-of-bounds Read through the WebSocket handler. An attacker can exhaust system resources and cause service outages by sending a rapid succession of WebSocket messages, which forces the server to spawn an...

CVSS 8.7 | AI score 5.9 | EPSS 0.00721
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/04 12:0 a.m. | 2 views

PT-2026-30370

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVSS 7.2 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/04 12:0 a.m. | 5 views

PT-2026-30324

Name of the Vulnerable Software and Affected Versions libp2p-rendezvous versions prior to 0.56.1 Description The libp2p-rendezvous server is susceptible to an Out-of-Memory (OOM) Denial of Service (DoS) condition. The server does not limit the number of namespaces a single peer can register. A...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 6

Packet Storm News
added 2026/04/04 12:0 a.m. | 5 views

Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

Transformer-based malware detection systems operating on graph modalities such as control flow graphs (CFGs) achieve strong performance by modeling structural relationships in program behavior. However, their robustness to adversarial evasion attacks remains underexplored. This paper examines the...

AI score 5.9
Exploits: 0