CVE-2026-52937

CVE-2026-52937 details a stack information leak in the Linux kernel related to the macvtap mac address path. In tap_ioctl() for SIOCGIFHWADDR, the code copies 16 bytes from an uninitialized on-stack sockaddr_storage to userspace via ifr_hwaddr. The implementation only writes sa_family and dev-&gt...

PT-2026-49772

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An inline-eval bypass allows authenticated operators to weaken strict allowlist checks using shell positional parameters. By combining allowlisted tools with shell positional arguments, attackers...

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, if the IMA appraisal method is used with the “imaappraiselog” boot parameter, lockdown can be circumvented using kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents the “imaappraiselog” parameter from being set during boot, but this does not cover...

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

Stella_JRPG_POC

Stella JRPG POC Goal: a small proof-of-concept for a 4-phase J...

EUVD-2009-1254

Malware in sbrugna...

EUVD-2009-1890

Malware in sbrugna...

China Is About to Show Off Its New High-Tech Weapons to the World

On September 3, China will hold a “Victory Day” military parade in Tiananmen Square to celebrate the 80th anniversary of its victory over Japan—and to send the West a message...

Linux Distros Unpatched Vulnerability : CVE-2022-21505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the linux kernel, if IMA appraisal is used with the imaappraise=log boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabl...

Cap Dev. Better red teaming with continuous Capability Development

TL;DR What Capability Development Cap Dev is in this context The big Cap Dev benefits for red teaming Operations and Development, sharing and improving Improvements to TTPs, hardware, and developing strategies Benefits of using a DevSecOps model for offensive security The essence of Cap Dev Cap D...

Defeat Web Shell WSO-NG

...

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. "Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward th...

accept() can be delayed or gas-griefed by burning a governance NFT

Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

SUSE CVE-2008-2316

Integer overflow in hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."...

SUSE CVE-2014-0492

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection...

SUSE CVE-2021-38205

drivers/net/ethernet/xilinx/xilinxemaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer...

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

.jpg The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control C2 infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...

Votes which guarantee a majority for-vote can still result in a defeated proposal

Lines of code Vulnerability details Impact The current quorum logic in NounsDAOLogicV2.sol and NounsDAOLogicV1.sol seems undesirable. High, even complete, voter turnout may still not favour a majority for-vote, while a majority against-vote always wins, no matter how low the turnout is even zero...