Lucene search

839 matches found

ATTACKERKB
added 2026/03/05 5:53 a.m., 2 views

CVE-2026-27354

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown (woo-coming-soon-product) allows Stored XSS. This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0...

5.9 AI score, 0.00045 EPSS
Exploits: 0, References: 2
Schneier on Security
added 2026/02/27 12:4 p.m., 3 views

Phishing Attacks Against People Seeking Programming Jobs

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...

6 AI score
Exploits: 0
RedhatCVE
added 2026/02/24 6:36 a.m., 2 views

CVE-2026-26284

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. When processing Huffman-coded data from Photo CD PCD files, the image decoder contains an incorrect initialization that could lead to an out-of-bounds read. This vulnerability could...

9.1 CVSS, 5.6 AI score, 0.00023 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/02/23 12:0 a.m., 6 views

Structure AG Libde265 Security Vulnerability

Structure AG Libde265 is an H.265 video codec developed by the German company Structure AG. There is a security vulnerability in Structure AG Libde265, which stems from a segmentation violation in the decoder_context::compute_framedrop_table component...

6.2 CVSS, 6.4 AI score, 0.00021 EPSS
Exploits: 1, References: 3
Packet Storm News
added 2026/02/11 12:0 a.m., 2 views

H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping

Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors (MV), intra prediction modes (IPM), or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...

5.5 AI score
Exploits: 0
Tenable Nessus
added 2026/02/10 12:0 a.m., 3 views

Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39839)

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

7.1 CVSS, 6.3 AI score, 0.00018 EPSS
Exploits: 0, References: 4
GithubExploit
added 2026/02/03 4:46 p.m., 135 views

openclaw-security-quiz

🔒 Security & Best Practices Quiz A mobile-friendly quiz app w...

5.7 AI score
Exploits: 0
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-6187

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.74. Description: Claude Code is an agentic coding tool affected by a Bash command validation flaw when parsing ZSH clobber syntax. This flaw allowed bypassing directory restrictions and writing files outside the...

7.7 CVSS, 5.5 AI score, 0.00022 EPSS
Exploits: 0, References: 8
Schneier on Security
added 2026/02/02 12:5 p.m., 1 views

AI Coding Assistants Secretly Copying All Code to China

There's a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy of everything they ingest to China. Maybe avoid using them...

5.4 AI score
Exploits: 0
Packet Storm News
added 2026/01/30 12:0 a.m., 2 views

Secure Integrated Sensing and Communication against Communication and Sensing Eavesdropping

Sensing privacy and communication confidentiality play fundamentally different but interconnected roles in adversarial wireless environments. Capturing this interplay within a single physical-layer framework is particularly challenging in integrated sensing and communication (ISAC) systems, where t...

5.4 AI score
Exploits: 0
Snyk
added 2026/01/27 2:25 a.m., 5 views

Malicious Package

Overview: magento-coding-standard-eslint-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
RedhatCVE
added 2026/01/21 10:24 p.m., 2 views

CVE-2026-21980

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5 CVSS, 5.5 AI score, 0.00042 EPSS
Exploits: 0, References: 1
EUVD
added 2026/01/21 12:31 a.m., 2 views

EUVD-2026-3532

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5 CVSS, 5.5 AI score, 0.00042 EPSS
Exploits: 0, References: 2
OSV
added 2026/01/20 10:16 p.m., 1 views

CVE-2026-21980

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 1
NVD
added 2026/01/20 10:16 p.m., 4 views

CVE-2026-21980

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5 CVSS, 0.00042 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/20 9:56 p.m., 3 views

CVE-2026-21980

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5 CVSS, 7.2 AI score, 0.00042 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/01/20 12:0 a.m., 4 views

PT-2026-3727

Name of the Vulnerable Software and Affected Versions: Oracle Life Sciences Central Coding version 7.0.1.0. Description: An easily exploitable issue exists in the Oracle Life Sciences Central Coding product, specifically within the Platform component. An unauthenticated attacker with network access...

6.5 CVSS, 7.4 AI score, 0.00042 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 12:35 p.m., 4 views

CVE-2023-49468

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc...

8.8 CVSS, 7.6 AI score, 0.00184 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 1 views

PT-2026-23767

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

7.8 CVSS, 7.7 AI score, 0.00078 EPSS
Exploits: 0, References: 6
EUVD
added 2025/12/24 12:30 p.m., 4 views

EUVD-2025-205074

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment. In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmware's definition. While connecti...

6 AI score, 0.00066 EPSS
Exploits: 0, References: 5