Microsoft Office PowerPoint 访问控制错误漏洞

Microsoft Office PowerPoint is a software tool developed by the American company Microsoft for creating presentation documents PPTs. Microsoft Office PowerPoint has a security vulnerability related to access control. Attackers can exploit this vulnerability to carry out deceptive attacks...

Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries

Agentic AI governance is a critical component of agentic AI infrastructure ensuring that agents follow their owner's communication and interaction policies, and providing protection against attacks from malicious agents. The state-of-the-art solution, SAGA, assumes a logically centralized point o...

Microsoft Word 访问控制错误漏洞

Microsoft Word is a word processing software within the Office suite developed by the American company Microsoft. There is an access control error vulnerability in Microsoft Word. Attackers exploit this vulnerability to carry out deceptive attacks...

Open-WebSearch 代码问题漏洞

Open-WebSearch is a multi-engine web search and content retrieval tool developed by Aasee’s individual developers, without the need for an API key. Versions of Open-WebSearch prior to 2.1.7 had code vulnerabilities. These vulnerabilities stemmed from URL security checks not recognizing IPv6...

Microsoft Azure Machine Learning 注入漏洞

Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. There is an injection vulnerability present in Microsoft Azure Machine Learning. Attackers utilize this vulnerability to carry out phishing attacks...

Ivanti Xtraction 安全漏洞

Ivanti Xtraction is a data analysis and visualization reporting platform developed by the American company Ivanti, designed for IT operations and service management scenarios. Versions of Ivanti Xtraction prior to 2026.2 contained security vulnerabilities. These vulnerabilities stemmed from...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the IFrame Sandbox component, which could allow remote attackers to bypass navigation...

Microsoft Edge for Android 安全漏洞

Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There are security vulnerabilities in Microsoft Edge for Android. Attackers use these vulnerabilities to carry out phishing attacks...

Microsoft Teams 安全漏洞

Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a security vulnerability in Microsoft Teams. Attackers have exploited this vulnerability to carry out phishing attacks...

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

PT-2026-40388

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

PT-2026-40387

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

Security of Decoy-State Quantum Key Distribution with Correlated Bit-And-Basis Encoders

Practical quantum key distribution QKD modulators inevitably introduce correlations, causing the state emitted in a given round to depend on the setting choices made in previous rounds. These correlations break the round-by-round independence structure on which many widely used security proof...

Five Attacks on X402 Agentic Payment Protocol

The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and...

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

EUVD-2026-27657

Keylime has a hardcoded attestation challenge nonce that allows replay attacks...

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

Link Preview JS 代码问题漏洞

Link Preview JS is an open-source tool developed by op-engineering for extracting information about web links. Versions of Link Preview JS prior to 4.0.1 contained code vulnerabilities. These vulnerabilities stemmed from the library’s failure to detect IPv6 loop attacks, and DNS attacks that coul...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There are security vulnerabilities in Microsoft Edge. Attackers use these vulnerabilities to carry out phishing attacks...