
940 matches found

UbuntuCve
added 2026/04/01 9:16 a.m. | 4 views

CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification. Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

CVSS 5.5 | AI score 5.7 | EPSS 0.00177
Exploits: 0 | References: 15

OSV
added 2026/04/01 9:16 a.m. | 2 views

UBUNTU-CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage. The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

CVSS 7.8 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 16

ATTACKERKB
added 2026/04/01 8:36 a.m. | 1 view

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage. The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

CVSS 7.8 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 9 | Affected Software: 1

Snyk
added 2026/03/30 5:24 p.m. | 2 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials through an exposed /loadIG endpoint in ca.uhn.hapi.fhir:org.hl7.fhir.validation. An attacker can obtain authentication credentials for external FHIR servers by submitting a crafted URL that exploits...

CVSS 9.3 | AI score 5.9 | EPSS 0.00299
Exploits: 2 | References: 2

UbuntuCve
added 2026/03/28 12:16 p.m. | 2 views

CVE-2018-25223

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts...

CVSS 9.8 | AI score 6.9 | EPSS 0.00884
Exploits: 1 | References: 5

OSV
added 2026/03/28 12:16 p.m. | 3 views

UBUNTU-CVE-2018-25223

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts...

CVSS 9.8 | AI score 6.9 | EPSS 0.00884
Exploits: 1 | References: 6

CVE
added 2026/03/28 11:58 a.m. | 6 views

CVE-2018-25223

CVE-2018-25223: Crashmail 1.6 has a stack-based buffer overflow that allows remote code execution by sending crafted input to the application. Attackers can use payloads with ROP chains to run code in the application context, with failing attempts potentially causing a denial of service. Root ca...

CVSS 9.8 | AI score 6.9 | EPSS 0.00884
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:17 p.m. | 2 views

CVE-2026-32037

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

CVSS 6.5 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1

The Hacker News
added 2026/03/26 11:58 a.m. | 4 views

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso,...

AI score 6
Exploits: 0

The Hacker News
added 2026/03/26 11:07 a.m. | 6 views

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first...

CVSS 7.8 | AI score 7.3 | EPSS 0.19217
Exploits: 3

Chainguard
added 2026/03/26 7:17 a.m. | 3 views

GHSA-CV4X-93XX-WGFJ vulnerabilities

Vulnerabilities for packages: tkn, tekton-chains-fips, tekton-pipelines, tkn-fips, tekton-pipelines-fips, tekton-chains...

AI score 5.8
Exploits: 0

Chainguard
added 2026/03/26 7:17 a.m. | 8 views

CVE-2026-33022 vulnerabilities

Vulnerabilities for packages: tkn, tekton-chains-fips, tekton-pipelines, tkn-fips, tekton-pipelines-fips, tekton-chains...

CVSS 6.5 | AI score 6.3 | EPSS 0.00368
Exploits: 0

Wolfi
added 2026/03/26 1:48 a.m. | 7 views

GHSA-CV4X-93XX-WGFJ vulnerabilities

Vulnerabilities for packages: tekton-pipelines, tekton-chains, tkn...

AI score 5.8
Exploits: 0

Wolfi
added 2026/03/26 1:48 a.m. | 7 views

CVE-2026-33022 vulnerabilities

Vulnerabilities for packages: tekton-pipelines, tekton-chains, tkn...

CVSS 6.5 | AI score 6.3 | EPSS 0.00368
Exploits: 0

Positive Technologies
added 2026/03/26 12:00 a.m. | 3 views

PT-2026-28254

PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVSS 8.6 | AI score 6.4 | EPSS 0.0022
Exploits: 1 | References: 5

SUSE CVE
added 2026/03/25 12:25 a.m. | 3 views

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 7.5 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 3

Packet Storm News
added 2026/03/25 12:00 a.m. | 1 view

Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer

Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/03/24 3:39 p.m. | 6 views

Malicious code in chai-as-chains (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf6eaadbaedff56f824c4c68f8af9138c01d40189e0225051d35c52dee1adc9 The package chai-as-chains was found to contain malicious code...

AI score 5.9
Exploits: 0

OSV
added 2026/03/24 3:39 p.m. | 2 views

MAL-2026-2339 Malicious code in chai-as-chains (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf6eaadbaedff56f824c4c68f8af9138c01d40189e0225051d35c52dee1adc9 The package chai-as-chains was found to contain malicious code...

AI score 5.8
Exploits: 0

NVD
added 2026/03/23 10:16 p.m. | 4 views

CVE-2026-28455

Rejected reason: This CVE ID has been rejected...

Exploits: 0