839 matches found

Packet Storm News
added 2026/05/04 12:0 a.m. | 2 views

Joern 4.0.532

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in libde265

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...

8.8 CVSS | 7.8 AI score | 0.00184 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error. The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this...

7.8 CVSS | 6.3 AI score | 0.00067 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in gst-plugins-bad1.0

A flaw was discovered in the gstreamer H.264 component of gst-plugins-bad before v1.18.1. When parsing an H.264 header, an attacker could cause the stack to be corrupted, leading to memory corruption and potentially code execution...

9.8 CVSS | 7.4 AI score | 0.0074 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fixed OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() relies on coded_len and only checks against skb->len. The XOR operation starts at sizeof(struct batadv_unicast_packet), which reduces the payload...

7.1 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

CVE
added 2026/05/01 5:45 p.m. | 5 views

CVE-2026-7588

Summary (CVE-2026-7588) : In the ggerve coding-standards-mcp project, the vulnerability affects the get_style_guide/get_best_practices function in server.py. The issue arises from manipulating the Language argument, which enables a path traversal condition. This can be exploited remotely over a n...

6.9 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/05/01 5:45 p.m. | 22 views

CVE-2026-7588 ggerve coding-standards-mcp server.py get_best_practices path traversal

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

6.9 CVSS | 0.00062 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/05/01 5:45 p.m. | 0 views

EUVD-2026-26704

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

6.9 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Coding Standards MCP Server path traversal vulnerability

Coding Standards MCP Server is a coding specifications and best practices query tool for gerve individual developers. A path traversal vulnerability exists in Coding Standards MCP Server, which stems from a misbehavior of the get_style_guide/get_best_practices function with the parameter Language in...

6.9 CVSS | 6 AI score | 0.00062 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 1 views

PT-2026-36531

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public a...

6.9 CVSS | 5.5 AI score | 0.00062 EPSS
Exploits: 0 | References: 6

HackRead
added 2026/04/30 7:1 p.m. | 3 views

Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw...

5.3 AI score
Exploits: 0

AlpineLinux
added 2026/04/29 12:0 a.m. | 3 views

CVE-2026-37555

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with sf_count_t cast, but the WAV code path line 235 and close path line 167 were not. When samplesperblock int blocks int exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to...

7.8 CVSS | 7.4 AI score | 0.00047 EPSS
Exploits: 2 | References: 3

Fedora
added 2026/04/25 1:52 a.m. | 2 views

[SECURITY] Fedora 44 Update: goose-1.23.2-8.fc44

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

6.5 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits: 1

Ubuntu
added 2026/04/23 12:16 p.m. | 6 views

USN-8205-1: GStreamer Bad Plugins vulnerabilities

It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause applications using the plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,...

8.8 CVSS | 7.3 AI score | 0.063 EPSS
Exploits: 0

Packet Storm News
added 2026/04/23 12:0 a.m. | 3 views

Joern 4.0.526

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007027 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len a...

7.1 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/04/21 12:0 a.m. | 6 views

OpenClaude security vulnerability

OpenClaude is an open-source coding assistant CLI developed by Gitlawb. Versions of OpenClaude prior to 0.5.1 contained security vulnerabilities. These vulnerabilities stemmed from logical flaws in the bashToolHasPermission function, which could allow for path traversal sequences to bypass...

8.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 2 | References: 2

Github Security Blog
added 2026/04/14 6:17 p.m. | 1 views

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...

8.8 CVSS | 7.3 AI score | 0.00121 EPSS
Exploits: 5

Packet Storm News
added 2026/04/10 12:0 a.m. | 1 views

RRC Steganography

This is a proof of concept tool called Rotation Range-Coding RRC Steganography - an efficient and provably secure linguistic steganographic method that embeds secret messages into natural-language text generated by large language models. Included is the whitepaper discussing this tool called...

5.8 AI score
Exploits: 0

Packet Storm News
added 2026/04/10 12:0 a.m. | 0 views

Maestro 0.15.3

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9 AI score
Exploits: 0