Unity Linux 20.1060e / 20.1070e Security Update: git (UTSA-2026-017428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017428 advisory. gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as...

PT-2026-38792

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

JLSEC-2026-428 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross...

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

Astra Linux - уязвимость в git

In connect.c, the gitconnectgit function in Git before version 2.30.1 allows a repository path to contain a newline character. This may lead to unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

Astra Linux - уязвимость в curl

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

Astra Linux - уязвимость в vsftpd

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers that implement different protocols but use compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker, who has access to the victim’s traffic at the TCP/IP layer, can redirect...

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service DoS risks, Automatic Exploit Generation AEG systems suffer from semantic blindness, and Large Language Model LLM agents face safety alignment filters and...

Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)

Summary Vulnerability in cURL libcurl might wrongly pass on an OAuth2 bearer token CVE-2025-14524. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2025-14524 DESCRIPTION: When an OAuth2...

Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:24:39 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory9.asc Security Bulletin: Vulnerability impacts AIX due to cURL libcurl CVE-2025-14524...

SigCorr 0.1.0

SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...

macOS 15.x < 15.7.5 Multiple Vulnerabilities (126795)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.5. It is, therefore, affected by multiple vulnerabilities: - A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, mac...

AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols

AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment MCP alone has 97M+ monthly SDK downloads, no systematic security framework for these protocols...

macOS 26.x < 26.4 Multiple Vulnerabilities (126794)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.4. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges. CVE-2026-20631 - When...

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2026-1532)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2026-1552)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1331)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1386)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1305)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1552)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1331)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,...