EUVD-2026-22136

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password...

DEBIAN-CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

Evaluating Differential Privacy against Membership Inference in Federated Learning: Insights from the NIST Genomics Red Team Challenge

While Federated Learning FL mitigates direct data exposure, the resulting trained models remain susceptible to membership inference attacks MIAs. This paper presents an empirical evaluation of Differential Privacy DP as a defense mechanism against MIAs in FL, leveraging the environment of the 202...

Microsoft Windows Admin Center 跨站脚本漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to carry out...

bind security update

9.16.23-34.0.1.el97.2 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.2 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes...

CVE-2026-5086 Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password...

CVE-2026-5086

CVE-2026-5086 affects Crypt::SecretBuffer

EUVD-2026-22043

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the returnto parameter. Attackers can craft malicious login URLs with unvalidated returnto values to conduct phishing attacks and steal user credentials...

Totara LMS 安全漏洞

Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow attackers to manipulate the login page code and launch brute-force...

Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...

HAProxy 安全漏洞

HAProxy is an open-source TCP/HTTP load balancing server developed by the French company HAProxy. This server provides layer-4 and layer-7 proxy services and can support thousands of connections. It features efficiency and stability. Prior to version 3.3.6, HAProxy had security vulnerabilities...

Crypt::SecretBuffer 安全漏洞

Crypt::SecretBuffer is a cryptographic buffer module developed by NERDVANA’s individual developers, designed for secure storage and memory protection of sensitive data. Versions of Crypt::SecretBuffer prior to 0.019 contained security vulnerabilities, which were due to susceptibility to timing...

PT-2026-32548

Perl CPAN CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 is susceptible to timing attacks https://t.co/9mQfUsrqkz For example, if it was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password...

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...

PT-2026-32562

Name of the Vulnerable Software and Affected Versions jq versions prior to commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b Description CLI input parsing allows validation bypass via embedded NUL bytes when reading JSON from files or stdin. The software uses strlen to determine buffer length inste...

CowAgent 访问控制错误漏洞

CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.4 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from the absence of authentication in the Agent Mode...

MetaGPT 安全漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the evaluateCode function in the Mineflayer HTTP API component’s file metagpt/environment/minecraft/mineflayer/index.js, which...

XDG Desktop Portal 安全漏洞

XDG Desktop Portal is a frontend service for the desktop application sandbox environment developed by Flatpak. Versions of XDG Desktop Portal prior to 1.20.4 and 1.21.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any Flatpak application to manipulate...