
7974 matches found

Github Security Blog
added 2026/03/06 11:25 p.m. | 9 views

parse-server: Malformed `$regex` query leaks database error details in API response

Impact: A malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/06 8:28 p.m. | 16 views

CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response...

CVSS 6.9 | EPSS 0.00014
Exploits: 0 | References: 3
OSV
added 2026/03/06 8:28 p.m. | 1 views

CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response...

CVSS 6.9 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 5
CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Fastify Security Vulnerability

Fastify is an open-source web framework developed by Fastify. There is a security vulnerability in Fastify, which stems from incorrectly accepting malformed Content-Type headers. This could allow attackers to send requests that bypass validation and are processed by the server...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 5
Tenable Nessus
added 2026/03/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005762 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix wrong setting of max_corr_read_errors. There is no input check when echo...

CVSS 5.5 | AI score 5.6 | EPSS 0.0002
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/05 12:0 a.m. | 2 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2026:3428)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3428 advisory. golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785). crypto/x509: golang: Denial of Service due to...

CVSS 7.5 | AI score 6 | EPSS 0.00924
Exploits: 3 | References: 5
Packet Storm News
added 2026/03/05 12:0 a.m. | 1 views

Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty

Integrated sensing and communication (ISAC) systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...

AI score 5.8
Exploits: 0
CNNVD
added 2026/03/05 12:0 a.m. | 2 views

Python-Markdown Security Vulnerability

Python-Markdown is an open-source Python implementation of a Markdown parser. Version 3.8 of Python-Markdown contains a security vulnerability. This vulnerability stems from malformed HTML sequences, which can lead to unhandled assertion errors, potentially causing remote denial-of-service attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00385
Exploits: 1 | References: 3
CVE
added 2026/03/04 3:31 p.m. | 5 views

CVE-2025-59787

2N Access Commander, affected through version 3.4.2 and earlier, returns HTTP 500 on malformed or manipulated input, indicating improper input validation in the web-facing interface. The description notes potential security or availability impact but does not detail exploitable vectors beyond the...

CVSS 6.5 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/03/04 1:33 p.m. | 3 views

CLSA-2026-1772631219 python3: Fix of 5 CVEs

CVE-2024-12718: extractall: re-apply the filter at directory-attribute fixup, skip fixup if the entry is no longer a directory - CVE-2025-4138: datafilter: strip .. components from symlink targets in datafilter to prevent traversal via symlinks in the link target - CVE-2025-4330: re-apply filter...

CVSS 9.4 | AI score 5.8 | EPSS 0.01012
Exploits: 14 | References: 1
OSV
added 2026/03/04 10:24 a.m. | 4 views

CLSA-2026-1772619878 runc: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

CVSS 10 | AI score 7 | EPSS 0.00045
Exploits: 3 | References: 1
Redos
added 2026/03/04 12:0 a.m. | 2 views

ROS-20260304-73-0004

A vulnerability in the red_change function of the Linux kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7 | AI score 7.5 | EPSS 0.00056
Exploits: 0
CNNVD
added 2026/03/04 12:0 a.m. | 1 views

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Buffer Error Vulnerability

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

CVSS 6.8 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005559 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir misjudgment and long loop on I/O errors. The error handling in...

CVSS 7.1 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 4
CNNVD
added 2026/03/04 12:0 a.m. | 1 views

Cisco IOS XE and Cisco Secure Firewall Threat Defense Buffer Error Vulnerability

Cisco IOS XE and Cisco Secure Firewall Threat Defense are both products of the American company Cisco. Cisco IOS XE is an operating system. It serves as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN operations. Cisco IOS XE reduces the complexity o...

CVSS 5.8 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 2
CNNVD
added 2026/03/04 12:0 a.m. | 1 views

Cisco IOS XE and Cisco Secure Firewall Threat Defense Security Vulnerability

Cisco IOS XE and Cisco Secure Firewall Threat Defense are both products of the American company Cisco. Cisco IOS XE is an operating system. It serves as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN operations. Cisco IOS XE reduces the complexity o...

CVSS 5.8 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/03 6:9 p.m. | 4 views

OpenClaw has command injection via Windows shell fallback in Lobster tool execution

Summary: The Lobster extension tool execution path used a Windows shell fallback (shell: true) after spawn failures (EINVAL/ENOENT). In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

CVSS 7.8 | AI score 6.1 | EPSS 0.00053
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm
added 2026/03/03 12:0 a.m. | 103 views

libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extract_area function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

AI score 6
Exploits: 0
Positive Technologies
added 2026/03/03 12:0 a.m. | 3 views

PT-2026-26240

Summary: The Lobster extension tool execution path used a Windows shell fallback (shell: true) after spawn failures (EINVAL/ENOENT). In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

CVSS 8.6 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 12
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005514)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005514 advisory. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading...

CVSS 4.7 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 4