CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

PT-2026-40007

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

PT-2026-40301

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Malicious code in @mimecast-ui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...

Incorrect Behavior Order

Overview @github/copilot is a GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Incorrect Behavior Order that enables code execution via the core.fsmonitor configuration key in a nested bare git repository. A...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017577)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017577 advisory. A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior i...

Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

GhostLock: SMB Deny-Share Handles As a Zero-Privilege Availability Weapon

GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack...

When Prompts Become Payloads: A Framework for Mitigating SQL Injection Attacks in Large Language Model-Driven Applications

Natural language interfaces to structured databases are becoming increasingly common, largely due to advances in large language models LLMs that enable users to query data using conversational input rather than formal query languages such as SQL. While this paradigm significantly improves usabili...

MAL-2026-3509 Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017608 advisory. A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017569 advisory. A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017620 advisory. A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017592 advisory. A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017602 advisory. A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017563 advisory. A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior...