41 matches found

RedhatCVE
added 2026/06/11 2:59 a.m., 7 views

CVE-2026-41697

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

CVSS 4.8 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 1

NVD
added 2026/06/10 12:16 a.m., 10 views

CVE-2026-41697

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

CVSS 4.8 | EPSS 0.00227
Exploits: 0 | References: 1

CVE
added 2026/06/09 11:47 p.m., 32 views

CVE-2026-41697

CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...

CVSS 4.8 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 1

Cvelist
added 2026/06/09 11:47 p.m., 35 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

CVSS 4.8 | EPSS 0.00227
Exploits: 0 | References: 1

NVD
added 2026/05/07 4:16 a.m., 8 views

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVSS 2.7 | EPSS 0.00258
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001603 advisory. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from...

CVSS 5.6 | AI score 7.2 | EPSS 0.00611
Exploits: 0 | References: 28

RedHat Linux
added 2025/11/11 8:21 a.m., 2 views

kernel: information leak via transient execution vulnerability in some AMD processors

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information...

CVSS 5.6 | AI score 7.5 | EPSS 0.00425
Exploits: 0 | References: 5

NVD
added 2025/11/08 2:15 a.m., 5 views

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVSS 8.8 | EPSS 0.003
Exploits: 0 | References: 1

Ubuntu
added 2025/10/29 7:51 p.m., 4 views

USN-7848-1: AMD Microcode vulnerabilities

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores. A local attacker could possibly use this issue to expose sensitive information. This update provides the updat...

CVSS 5.6 | AI score 7.3 | EPSS 0.00425
Exploits: 0

OSV
added 2025/10/29 7:51 p.m., 5 views

USN-7848-1 amd64-microcode vulnerabilities

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores. A local attacker could possibly use this issue to expose sensitive information. This update provides the updat...

CVSS 5.6 | AI score 6.7 | EPSS 0.00425
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-15519

Malware in sbrugna...

CVSS 5.6 | AI score 6.9 | EPSS 0.00611
Exploits: 0 | References: 29

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-20522

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.8 | EPSS 0.01664
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/04 12:0 a.m., 4 views

PT-2025-45525

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 8.0.0 through 8.9.0. Description: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A time-based blind SQL Injection flaw exists in versions 8.9.0 and below. This issue allows an authenticate...

CVSS 9 | AI score 7.5 | EPSS 0.003
Exploits: 0 | References: 20

The Hacker News
added 2025/08/15 11:0 a.m., 4 views

Zero Trust + AI: Privacy in the Age of Agentic AI

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It's about trus...

AI score 6.7
Exploits: 0

RedHat Linux
added 2025/08/05 5:31 a.m., 4 views

kernel: information leak via transient execution vulnerability in some AMD processors

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information...

CVSS 5.6 | AI score 7.2 | EPSS 0.00425
Exploits: 0 | References: 5

Packet Storm News
added 2025/07/14 12:0 a.m., 4 views

"Is It Always Watching? Is It Always Listening?" Exploring Contextual Privacy and Security Concerns toward Domestic Social Robots

Equipped with artificial intelligence (AI) and advanced sensing capabilities, social robots are gaining interest among consumers in the United States. These robots seem like a natural evolution of traditional smart home devices. However, their extensive data collection capabilities, anthropomorphic...

AI score 7
Exploits: 0

Packet Storm News
added 2025/07/11 12:0 a.m., 3 views

Entangled Threats: a Unified Kill Chain Model for Quantum Machine Learning Security

Quantum Machine Learning (QML) systems inherit vulnerabilities from classical machine learning while introducing new attack surfaces rooted in the physical and algorithmic layers of quantum computing. Despite a growing body of research on individual attack vectors - ranging from adversarial poisoni...

AI score 6.7
Exploits: 0

SUSE CVE
added 2025/07/08 11:51 p.m., 3 views

SUSE CVE-2024-36350

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information...

CVSS 5.6 | AI score 7.8 | EPSS 0.00425
Exploits: 0 | References: 26

OSV
added 2025/07/08 5:15 p.m., 9 views

ALPINE-CVE-2024-36350

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information...

CVSS 5.6 | AI score 7 | EPSS 0.00425
Exploits: 0 | References: 1

NVD
added 2025/07/08 4:15 p.m., 6 views

CVE-2025-3648

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

CVSS 8.2 | EPSS 0.01664
Exploits: 0 | References: 3