2488 matches found
[SECURITY] Fedora 44 Update: apptainer-1.5.0-1.fc44
Apptainer provides functionality to make portable containers that can be used across host environments...
PT-2026-41733
Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description The get or create nfs tmp dir function in mlflow/utils/file utils.py creates temporary directories with world-writable permissions 0o777, and the create model downloading tmp dir function in...
Exploit for CVE-2026-45091
CVE-2026-45091 ⚠️ Security Research & Legal Disclaimer...
Malicious Package
Overview knot-date-utils-rb is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...
GHSA-7G25-3CHF-PPWR vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware...
Malicious Package
Overview github.com/BufferZoneCorp/go-envconfig is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluste...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak , a new cybersecurity initiative that brings together frontier artificial intelligence AI model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the...
SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces
Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...
AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments
CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...
PgBouncer buffer overflow in SCRAM
...
Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments
Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CopyFail – CVE-2026-31431 Examples of PoCs and payloads for...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents
AI agents are increasingly deployed across diverse domains to automate complex workflows through long-horizon and high-stakes action executions. Due to their high capability and flexibility, such agents raise significant security and safety concerns. A growing number of real-world incidents have...
Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards
Effective security logging is crucial for the timely and accurate detection of cyber threats; however, the relative effectiveness of various industry-standard logging frameworks remains understudied. This paper addresses this critical gap by presenting the first systematic evaluation of modern...
PT-2026-38297
Name of the Vulnerable Software and Affected Versions Scramble versions 0.13.2 through 0.13.21 Description When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation. This can le...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability
The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...
Practical Package Security: The Unofficial Guide
Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early...
cve-deep-dive
Report Bug · Request Feature Table of Contents a...