Malicious code in tailwind-effect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5081 Malicious code in tailwind-effect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview tailwind-effect is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

BELL-CVE-2026-45980 CVE-2026-45980 does not affect BellSoft software

Bulletin has no description...

BELL-CVE-2025-71307 CVE-2025-71307 does not affect BellSoft software

Bulletin has no description...

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016773)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016773 advisory. An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is...

CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

Can You Keep a Secret? Involuntary Information Leakage in Language Model Writing

Language models are deployed in settings that require compartmentalization: system prompts should not be disclosed, chain-of-thought reasoning is hidden from users, and sensitive data passes through shared contexts. We test whether models can keep prompted information out of their writing. We giv...

GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...

Alignment Contracts for Agentic Security Systems

Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...

Detecting Avalanche Effect in Adversarial Settings: Spotting the Encryption Loops in Ransomware

Spotting encryption loops in binary-only ransomware is a critical reverse engineering task. Since the existence of avalanche effect, an intrinsic characteristic of any secure encryption algorithms, is unavoidable during a victim data encryption attack, it is a very promising direction to spot...

CVE-2026-6835

CVE-2026-6835 concerns the a+HCM product developed by aEnrich, which is vulnerable to an Arbitrary File Upload . The issue allows unauthenticated remote attackers to upload arbitrary files to arbitrary paths, including HTML documents, creating a potential XSS-like effect . The available sources c...

Involuntary In-Context Learning: Exploiting Few-Shot Pattern Completion to Bypass Safety Alignment in GPT-5.4

Safety alignment in large language models relies on behavioral training that can be overridden when sufficiently strong in-context patterns compete with learned refusal behaviors. We introduce Involuntary In-Context Learning IICL, an attack class that uses abstract operator framing with few-shot...

Global Web, Local Privacy? an International Review of Web Tracking

Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the...

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

apparmor: fix side-effect bug in match_char() macro usage

...

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a side-effect error in the matchchar macro, potentially leading to out-of-bounds reading...