31207 matches found

Positive Technologies
added 2026/04/28 12:0 a.m., 3 views

PT-2026-35721

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

CVSS 8.4, AI score 5.5, EPSS 0.00132
Exploits 0, References 3
OSV
added 2026/04/27 6:33 p.m., 5 views

JLSEC-2026-254 Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values...

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3, AI score 6.6, EPSS 0.05966
Exploits 0, References 16
GithubExploit
added 2026/04/26 11:27 p.m., 100 views

info-security-portfolio

Information Security Portfolio A curated collection of nine e...

CVSS 10, AI score 7.6, EPSS 0.99999
Exploits 344
GithubExploit
added 2026/04/26 1:49 a.m., 80 views

BinExploit-Bench

BinExploit-Bench: Binary Exploitation Capability Benchmark for...

AI score 6.1
Exploits 0
Positive Technologies
added 2026/04/26 12:0 a.m., 4 views

PT-2026-35239

The CVE-2026-9135 patch is out, but what about the next one? If you rely on vendors to tell you when you're hacked, you're already too late. Learn to build your own Linux binary instrumentation tools. Read more- https://t.co/o03RQDZYiC RockyLinux https://t.co/rMgg4cdHh8...

AI score 5.2
Exploits 0, References 1
Fedora
added 2026/04/25 1:56 a.m., 3 views

[SECURITY] Fedora 44 Update: python-cbor2-5.6.5-8.fc44

This library provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 7049) serialization format...

CVSS 7.5, AI score 5.2, EPSS 0.00413
Exploits 1
NVD
added 2026/04/24 7:17 p.m., 6 views

CVE-2026-41326

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, EPSS 0.00293
Exploits 0, References 3
CVE
added 2026/04/24 6:46 p.m., 16 views

CVE-2026-41326

Kata Containers CVE-2026-41326 affects versions v3.4.0–v3.28.0 due to an oversight in the CopyFile policy/handler that allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can overwrite binaries inside the guest and exfiltrate data from containers, includin...

CVSS 8.2, AI score 5.5, EPSS 0.00293
Exploits 0, References 3, Affected Software 2
Positive Technologies
added 2026/04/24 12:0 a.m., 4 views

PT-2026-35062

Name of the Vulnerable Software and Affected Versions: Kata Containers versions 3.4.0 through 3.28.0. Description: An oversight in the CopyFile policy and potentially the CopyFile handler allows untrusted hosts to write to arbitrary locations within the guest workload image. This flaw can be exploit...

CVSS 8.2, AI score 5.9, EPSS 0.00293
Exploits 0, References 9
Packet Storm News
added 2026/04/24 12:0 a.m., 4 views

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service (DoS) risks, Automatic Exploit Generation (AEG) systems suffer from semantic blindness, and Large Language Model (LLM) agents face safety alignment filters and...

AI score 5.5
Exploits 0
OSV
added 2026/04/23 10:40 a.m., 3 views

MAL-2026-3015 Malicious code in lyroxcoder (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...

AI score 5.8
Exploits 0, References 1
GithubExploit
added 2026/04/23 3:31 a.m., 78 views

Exploit for Path Traversal in Jenkins

jenkinsscan Find jenkins environment and checks for CVE-2024-...

CVSS 9.8, AI score 7.4, EPSS 0.99999
Exploits 45
SUSE CVE
added 2026/04/23 1:28 a.m., 2 views

SUSE CVE-2026-6846

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

CVSS 7.8, AI score 5.9, EPSS 0.00159
Exploits 0, References 3
OSSF Malicious Packages
added 2026/04/23 12:22 a.m., 7 views

Malicious code in lyrox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...

AI score 5.8
Exploits 0, References 1
EUVD
added 2026/04/22 6:31 p.m., 4 views

EUVD-2026-24978

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3, AI score 5.8, EPSS 0.00175
Exploits 1, References 4
Github Security Blog
added 2026/04/22 6:31 p.m., 4 views

coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3, AI score 5.2, EPSS 0.00175
Exploits 1, References 6, Affected Software 1
NVD
added 2026/04/22 5:16 p.m., 2 views

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3, EPSS 0.00175
Exploits 1, References 3
Vulnrichment
added 2026/04/22 4:7 p.m., 3 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3, AI score 5.8, EPSS 0.00175
Exploits 1, References 3
Cvelist
added 2026/04/22 4:7 p.m., 26 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVSS 3.3, EPSS 0.00175
Exploits 1, References 3
EUVD
added 2026/04/22 3:31 p.m., 2 views

EUVD-2026-24741

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...

CVSS 8.5, AI score 5.9, EPSS 0.00101
Exploits 0, References 3