980 matches found

AstraLinux
added 6 days ago | 6 views

Astra Linux - Vulnerability in Golang-1.19

There is a path traversal vulnerability in the filepath.Clean function on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/../c:/b” into the valid path “c:\b”. This transformation of a relative (if invalid) path into an absolute path could enable a directo...

CVSS 7.5 | AI score 7.1 | EPSS 0.01678
Exploits 0 | References 1
EUVD
added 2026/06/17 6:35 p.m. | 7 views

EUVD-2026-37629

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions...

CVSS 8.2 | AI score 5.3 | EPSS 0.00261
Exploits 0 | References 2
NVD
added 2026/06/17 1:20 p.m. | 6 views

CVE-2026-54184

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions...

CVSS 8.2 | EPSS 0.00261
Exploits 0 | References 1
CVE
added 2026/06/17 9:51 a.m. | 18 views

CVE-2026-54184

The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...

CVSS 8.2 | AI score 5.2 | EPSS 0.00261
Exploits 0 | References 1
Cvelist
added 2026/06/17 9:51 a.m. | 27 views

CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions...

CVSS 8.2 | EPSS 0.00261
Exploits 0 | References 1
Patchstack
added 2026/06/11 8:30 a.m. | 8 views

WordPress Spam protection, Honeypot, Anti-Spam by CleanTalk plugin < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability

Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability discovered by Matthew Rollings in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions 6.79...

CVSS 8.8 | AI score 5.4 | EPSS 0.00296
Exploits 0 | References 1 | Affected Software 1
OSV
added 2026/06/11 6:52 a.m. | 21 views

MAL-2026-5609 Malicious code in clean-my-pc (npm)

Source: amazon-inspector (8139d8347bc83b12e276e481509aaca6af69adff21f7df1658a6eeadd31562f6). The package's collect.js imports child_process, fs, http, https, and os, gathers host identifiers via os.hostname and os.homedir, reads files from the...

AI score 5.5
Exploits 0 | References 6
OSV
added 2026/06/11 5:06 a.m. | 17 views

MAL-2026-5578 Malicious code in webpack-cache-clean (npm)

Source: amazon-inspector (8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9). On npm install, the package runs a postinstall hook `node -e "require('./loader.js')"` that spawns a detached child process. The child decodes an...

AI score 6.3
Exploits 0 | References 1
Positive Technologies
added 2026/06/10 12:00 a.m. | 8 views

PT-2026-48387

Name of the Vulnerable Software and Affected Versions: Anti-Spam by CleanTalk. Spam protection WordPress plugin versions prior to 6.79. Description: Insufficient sanitization of content within a custom shortcode used in the email-encoding feature allows unauthenticated attackers to perform Stored...

CVSS 8.8 | AI score 5.4 | EPSS 0.00296
Exploits 0 | References 9
RedhatCVE
added 2026/06/05 7:32 p.m. | 9 views

CVE-2026-6579

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

CVSS 6.9 | AI score 6.1 | EPSS 0.00433
Exploits 0 | References 1
GithubExploit
added 2026/06/04 7:39 p.m. | 58 views

exploit-validator

$repo Production-grade offensive security tool for Purpose...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/06/04 12:00 a.m. | 7 views

PT-2026-49127

This crate provides Rust bindings to ML-DSA (FIPS 204) via C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean#604), after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

AI score 5.3
Exploits 0 | References 4
Packet Storm News
added 2026/05/28 12:00 a.m. | 9 views

Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...

AI score 5.8
Exploits 0
CVE
added 2026/05/26 4:45 p.m. | 17 views

CVE-2026-48905

The CVE-2026-48905 entry describes a vulnerability in the Joomla! Framework related to the cleanAttributes filter code, where inadequate input filtering creates an XSS vector in the HTML filtering path. According to the available metrics, this is a CVSS 4.0 base score of 6.9 (Medium) with impact ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1
Packet Storm News
added 2026/05/25 12:00 a.m. | 12 views

TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification

Extracting MITRE ATT&CK techniques from cyber threat intelligence (CTI) reports is an open-set, multi-label problem requiring both high recall (not missing techniques) and high precision (not hallucinating unsupported ones). Existing methods--rule-based, supervised, and LLM-based--struggle to achieve...

AI score 5.8
Exploits 0
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - Vulnerability in git

Git is an open-source distributed revision control system. In affected versions of Git, a specially crafted repository containing symbolic links and files processed by clean/smudge filters like Git LFS may cause a just-checked-out script to be executed when cloning to a case-insensitive file syst...

CVSS 8 | AI score 7 | EPSS 0.88644
Exploits 5 | References 2
Packet Storm News
added 2026/05/19 12:00 a.m. | 6 views

Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models

Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...

AI score 5.8
Exploits 0
NVD
added 2026/05/18 4:16 p.m. | 15 views

CVE-2025-56352

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

CVSS 7.5 | EPSS 0.00278
Exploits 0 | References 2
EUVD
added 2026/05/18 12:00 a.m. | 11 views

EUVD-2025-209887

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00278
Exploits 0 | References 1
CVE
added 2026/05/18 12:00 a.m. | 9 views

CVE-2025-56352

CVE-2025-56352 affects the tinyMQTT broker. When processing a CONNECT packet with a zero-length Client ID and CleanSession=0, the broker returns CONNACK 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection, leaving the socket open. Repeated invalid CONNECT attempts can exha...

CVSS 7.5 | AI score 5.9 | EPSS 0.00278
Exploits 0 | References 2