Joern 4.0.554

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-46360

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

PT-2026-46253

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

CVE-2026-36180

CVE-2026-36180 affects GNCC GP5 v7.1.76. The issue is a lack of runtime integrity that lets physically-proximate attackers bypass read-only protections via a bind-mount attack, enabling modification of system files and binaries for the duration of a boot session. Documents consistently describe t...

PT-2026-46363

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-46180

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...

PT-2026-46210

Joomla com jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field 2 parameter to delete...

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

Steering LLM Viewpoints through Fabricated Evidence Injection

As chatbots increasingly influence daily decision-making, their potential to produce misleading responses poses substantial risks to users. This paper investigates a critical cognitive vulnerability in LLMs: their tendency to uncritically trust external context when presented with fabricated...

Membrane: A Self-Evolving Contrastive Safety Memory for LLM Agent Defense

Despite advances in safety alignment, large language models remain vulnerable to continuously evolving jailbreaks. Existing fine-tuned safety classifiers cannot adapt to these evolving attacks, while adaptive memory-based guardrails tend to over-refuse benign queries that resemble stored attacks...

PT-2026-46252

Name of the Vulnerable Software and Affected Versions milvus-io milvus versions prior to 2.6.14 Description An issue exists in the Grantee ID Hash Handler component within the file internal/metastore/kv/rootcoord/kv catalog.go. This flaw allows for the use of a weak hash, which can be manipulated...

EUVD-2026-34281

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

CVE-2026-36182

GNCC GP5 v7.1.76 uses a weak hashing algorithm to protect the root password, which could allow an attacker to brute-force and obtain root credentials and privileges. The CVE-2026-36182 entry shows a high-severity impact (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction) with total poten...

PT-2026-46346

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-46887

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description An attacker can enumerate administrator usernames by performing a timing attack. This occurs because the getUserEntityByUserCredentials function in the...

Linux Distros Unpatched Vulnerability : CVE-2026-44393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when...

PT-2026-46260

Name of the Vulnerable Software and Affected Versions oslo.messaging versions 1.0.0 through 17.3.0 Description The RabbitMQ driver in oslo.messaging fails to perform TLS hostname verification when connecting to the message broker. While the driver enables certificate chain validation when ssl ca...

PT-2026-46189

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.1 Description A flaw in the Dataset Digest Computation component allows the use of a weak hash. This issue occurs within the mlflow.data.digest utils function located in the mlflow/data/digest utils.py file. An...

PT-2026-46235

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input data"image" results in use of weak hash. The attac...