Hidden in Memory: Sleeper Memory Poisoning in LLM Agents

Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk: adversarial content can corrupt what an assistant remembers and...

PT-2026-37102

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Broken TLS validation logic in the OVN database connection logic allows connections to an attacker's OVN database. The OVN client implementations disable standard Go TLS server verification and use a...

summary-awi-poc

summary-awi-poc Public proof-of-concept repository for valida...

Langflow has Authenticated Code Execution in Agentic Assistant Validation

Description 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...

EUVD-2023-2456

Malicious code in bioql PyPI...

PsiTransfer: File integrity violation

Summary The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details Vulnerable endpoint: PATCH /files/id PoC 1. Create a file distribution. 2. Go to the...

amd: Return Address Predictor vulnerability leading to information disclosure

A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure...

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

MuteBond.sol: price discount can be manipulated which undermines its purpose of reflecting demand

Lines of code Vulnerability details Impact The bondPrice in the MuteBond contract increases linearly during the epochDuration from startPrice in the beginning to maxPrice in the end. The bondPrice determines how many MUTE tokens a user receives for bonding his LP tokens. The higher the bondPrice...

Staking: Attacker can stake very few tokens for others to increase the lock time of others' tokens.

Lines of code Vulnerability details Impact In the stake function of the Staking contract, anyone can stake tokens for others. And each time a token is staked, the lock time of all tokens is increased. This allows an attacker to stake few tokens for others to increase the lock time of others'...

CVE-2021-45907

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted...

UBUNTU-CVE-2021-45908

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted...

St. Jude Patches Additional Cardiac Device

St. Jude Medical has patched a vulnerability in another Merlin@home Transmitter medical device vulnerable to a man-in-the-middle attack. The medical device maker issued an update on Monday for its Merlin@home Transmitter “inductive” models, expanding the number of devices impacted by a...

LinPHA 0.9.x/1.0 forth_stage_install.php language Variable POST Method Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP...

Kietu 2/3 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary...