Astra Linux - уязвимость в libxslt

In numbers.c in libxslt before version 1.1.43, there is a use-after-free issue. This occurs because, in nested XPath evaluations, an XPath context node can be modified but cannot be restored. This issue is related to the functions xsltNumberFormatGetValue, xsltEvalXPathPredicate,...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over evaluation data across different...

FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

PT-2026-41214

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

PT-2026-38849

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

BIT-JAVA-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI

Users increasingly rely on consumer-facing generative AI GenAI for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy S&P communications in GenAI tools shape users' adoption decisions and subsequent experiences...

CVE-2026-32930

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

EUVD-2026-21529

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

PT-2026-32009

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS contains an Insecure Direct Object Reference IDOR issue in the gradebook evaluation edit page. An authenticated teacher can view and modify evaluation settin...

System Card: Claude Mythos Preview

This System Card describes Claude Mythos Preview, a large language model from Anthropic. Mythos Preview is their most capable frontier model to date, and shows a striking leap in scores on many evaluation benchmarks compared to their previous frontier model, Claude Opus 4.6. This System Card...

MLflow 信息泄露漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. However, MLFlow has a vulnerability related to information leakage. This vulnerability stems from...

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™

This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations...

HoneyTrap: Deceiving Large Language Model Attackers to Honeypot Traps with Resilient Multi-Agent Defense

Jailbreak attacks pose significant threats to large language models LLMs, enabling attackers to bypass safeguards. However, existing reactive defense approaches struggle to keep up with the rapidly evolving multi-turn jailbreaks, where attackers continuously deepen their attacks to exploit...

Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations

Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations...

EUVD-2024-48393

Malicious code in bioql PyPI...

EUVD-2024-41284

Malicious code in bioql PyPI...

EUVD-2024-17465

Malicious code in bioql PyPI...

EUVD-2025-7659

Malicious code in bioql PyPI...