5453 matches found
CVE-2026-31472
CVE-2026-31472 concerns the Linux kernel, specifically the xfrm/ IPTFS path. A crafted ESP packet with an inner IPv4 header can cause an infinite loop in __input_process_payload() if the inner header has tot_len=0 or malformed ihl. The fix adds validation to reject inner packets where tot_len <...
USN-8196-1 strongswan vulnerabilities
Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. CVE-2026-35328 Haruto Kimura discovered that strongSwan incorrectly handle...
Text Steganography with Dynamic Codebook and Multimodal Large Language Model
With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...
Threat Detection and Resilience Techniques in PRS-Assisted OTDOA 5G Positioning Systems
Precise positioning is a key enabler for emerging 5G applications, from autonomous transport to industrial automation. Yet the open physical layer PL leaves standard positioning reference signals PRSs vulnerable to manipulation. This work addresses the security of downlink observed time differenc...
PT-2026-35583
USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...
PT-2026-35584
USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...
PT-2026-35580
USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...
CVE-2026-41192
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
EUVD-2026-24221
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
CVE-2026-41192 FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
CVE-2026-41192 FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
PT-2026-34039
Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215 Description The reply and draft flows trust encrypted attachment IDs supplied by the client. Any IDs included in the attachments all variable but omitted from retained lists are decrypted and passed to the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013323)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013323 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013285)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013285 advisory. A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010854)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010854 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the reliance on encrypted attachment IDs provided b...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007007)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007007 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm-lock to fix UAF in svmregisterencregion Do the cache flush of...
MAL-2026-2949 Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...