Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

PT-2026-47380

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the xe vm madvise ioctl function fails to validate Page Attribute Table PAT indices. Specifically, using the XE COH NONE coherency mode with CPU...

Deserialization of Untrusted Data

Overview org.springframework:spring-jms is a maven plugin for Spring JMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization in MappingJackson2MessageConverter and JacksonJsonMessageConverter within an untrusted JMS environment. An attacker c...

PT-2026-47333

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode form part/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename,...

State of Agentic AI Security and Governance

An OWASP white paper analyzing the security, governance, and risk management considerations surrounding agentic AI systems, including autonomous decision-making, tool access, prompt injection, data protection, and organizational oversight. This is version 2.01...

llm-endpoint-vulnerability-poc

LLM Endpoint Vulnerability PoC A proof-of-concept for exposin...

MAL-2026-5292 Malicious code in bittensor-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...

Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

MAL-2026-5293 Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

tarfile.data_filter path traversal bypass allows writing outside the extraction directory

...

CVE-2026-11265

An insufficient data validation flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500262869...

CVE-2026-11219

An insufficient data validation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=480074849...

CVE-2026-11161

An insufficient data validation flaw was found in the DataTransfer component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501920294...

CVE-2026-11134

An insufficient data validation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501640084...

SUSE CVE-2026-10944

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10950

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...