PT-2026-4546
Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description The iccDEV library contains a flaw in the CIccXmlArrayType function that can lead to a Null Pointer Dereference and Undefined Behavior. This happens when user-controlled input is used in ICC profile...
PT-2026-4558
Name of the Vulnerable Software and Affected Versions iccDEV versions 2.3.1.1 and below Description iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below contain Undefined Behavior and a Null Pointer Dereferenc...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from undefined behavior in icSigCalcOp, which could lead to denial-of-service attacks,...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from undefined behavior and null pointer dereferencing in the CIccTagXmlFloatNum::ParseX...
From runtime risk to real‑time defense: Securing AI agents
AI agents, whether developed in Microsoft Copilot Studio or on alternative platforms, are becoming a powerful means for organizations to create custom solutions designed to enhance productivity and automate organizational processes by seamlessly integrating with internal data and systems. From a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004894 advisory. In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 3...
GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message
Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38277)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38277 advisory. - In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of...
AZL-75231 CVE-2025-12781 affecting package python3 3.12.9-9
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
CVE-2025-12781
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
PSF-2026-7
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
CVE-2025-12781
CVE-2025-12781 concerns the base64 module in Python, where b64decode(), standard_b64decode(), and urlsafe_b64decode() historically accept the characters "+/" regardless of the altchars parameter. The connected sources confirm this behavior and note that newer RFCs recommend restricting to the spe...
`DynFuture` drop can construct a dangling reference
DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri, and the crate is unmaintained...
PT-2026-3852
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminate connection on failed response is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the...
CLSA-2026-1768110920 kernel: Fix of 16 CVEs
crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...
MiracleLinux 8 : systemd-239-68.el8.4 (AXSA:2023-5147:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5147:05 advisory. systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting CVE-2022-4415 Tenable has extracted the preceding...
AI-Powered Surveillance in Schools
It all sounds pretty dystopian: Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device...
Multiple soundness issues in `scaly` safe APIs
Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::get_length can perform an out-of-bounds read. - String::append_character can perform an invalid write. - String::to_c_string can perform an out-of-bounds write...
CVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
CVE-2026-22865
CVE-2026-22865 affects Gradle (Gradle native-platform tool) for versions before 9.3.0. During dependency resolution, certain exceptions (e.g., NoHttpResponseException) were not treated as fatal, causing Gradle to continue to the next repository and potentially fetch from a malicious one. The issu...