2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5087538)

2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5087538...

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5088860)

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5088860...

2026-05 Cumulative Update for Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5087545)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

2026-05 .NET 9.0.16 Security Update for x64 Client (KB5093448)

2026-05 .NET 9.0.16 Security Update for x64 Client KB5093448...

2026-05 .NET 10.0.8 Security Update for x64 Client (KB5093446)

2026-05 .NET 10.0.8 Security Update for x64 Client KB5093446...

2026-05 .NET 8.0.27 Security Update for x64 Client (KB5093447)

2026-05 .NET 8.0.27 Security Update for x64 Client KB5093447...

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

CVE-2026-5089 YAML::Syck versions before 1.38 for Perl has an out-of-bounds read

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...

EUVD-2026-29468

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

CVE-2026-31223

The snorkel library up to v0.10.0 has a CWE-502 insecure deserialization in BaseLabeler.load() that uses unsafe pickle.load() on user-supplied file paths, enabling a remote attacker to deliver a malicious pickle and achieve arbitrary code execution when loaded. Affected component: BaseLabeler (sn...

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the possibility for attackers to use specially crafted Base64-encoded exchanges to forge SCRAM TL...

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

PT-2026-40062

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions

Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...

Langflow 路径遍历漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the path traversal in the knowledge base API, which could allow...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +347 more potentially affected by CVE-2026-2614 via mlflow (>=0.8.2 <=3.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2026-2614 Source advisory: OSV:GHSA-42H5-H8QH-VV9V...

Command Injection

Overview automagik-genie is a Self-evolving AI agent orchestration framework with Model Context Protocol support Affected versions of this package are vulnerable to Command Injection via the readTranscriptFromCommit function. An attacker can execute arbitrary system commands by supplying crafted...