Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

CVE-2026-46033

CVE-2026-46033 affects the Linux kernel crypto/authencesn path. The flaw allowed authenc esn instances to inherit an invalid default authsize (digest sizes 1–3) because crypto_authenc_esn_create() copied digestsize into inst->alg.maxauthsize without validation, while setauthsize() already reje...

CVE-2026-46033

crypto: authencesn - reject short ahash digests during instance creation...

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

CVE-2026-43859

A flaw was found in mutt, an email client, where it mishandles cryptographic digests used for IMAP Internet Message Access Protocol authentication. This incorrect handling could lead to a low integrity impact, potentially allowing a remote attacker to subtly affect the authentication process...

Linux Distros Unpatched Vulnerability : CVE-2026-5194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant ke...

Improper Certificate Validation

Overview wolfssl is a None Affected versions of this package are vulnerable to Improper Certificate Validation. due to missing hash/digest size and OID checks in the certificate verification process. An attacker can bypass signature verification by providing digests smaller than allowed when...

CVE-2026-5194 wolfSSL ECDSA Certificate Verification

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifyBlob in the Model Pull API that improperly verifies manifest containing both config and layer digests. An attacker can access internal resources or services by sending crafted requests...

GHSA-2CGV-28VR-RV6J libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

DEBIAN-CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

GHSA-HX2H-VJW2-8R54 DragonFly has weak integrity checks for downloaded files

Impact The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any...

BIT-KYVERNO-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvmetcprecvpdu nvmetcprecvpdu doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length e.g. 255,...

kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

An unchecked buffer bounds flaw was found in the Linux kernel's NVMe TCP Fabrics driver. An attacker with the ability to send a crafted packet to an affected NVMe host could exploit this flaw to alter kernel memory, leading to an escalation of privileges or a compromise of system integrity or...

kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

An unchecked buffer bounds flaw was found in the Linux kernel's NVMe TCP Fabrics driver. An attacker with the ability to send a crafted packet to an affected NVMe host could exploit this flaw to alter kernel memory, leading to an escalation of privileges or a compromise of system integrity or...

RockyLinux 9 : libssh (RLSA-2024:2504)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2504 advisory. libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for...