Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3041 Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution

The product custom option file upload in OpenMage LTS uses an incomplete blocklist "forbiddenextensions = php,exe" to prevent dangerous file uploads. This blocklist can be trivially bypassed by using alternative PHP-executable extensions such as ".phtml", ".phar", ".php3", ".php4", ".php5",...

[SECURITY] Fedora 44 Update: python3.13-3.13.13-1.fc44

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

📄 LuaJIT 2.1.1774638290 FFI Remote Code Execution / Lua Injection

This script is a LuaJIT exploitation tool that attempts to abuse the LuaJIT FFI Foreign Function Interface to execute system commands or arbitrary shellcode on a remote Lua runtime exposed over a TCP socket. It connects to a target service, injects Lua code dynamically, and leverages unsafe FFI...

SUSE CVE-2026-31521

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

Malicious code in lyrox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

CVE-2026-6845

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service DoS by tricking a user into processing a specially crafted Executable and Linkable Format ELF file. The exploitation of this flaw can lead to the system...

CVE-2026-6844 Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service DoS by tricking a user into processing a specially crafted Executable and Linkable Format ELF file. The exploitation of this flaw can lead to the system...

CVE-2026-6845

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service DoS by tricking a user into processing a specially crafted Executable and Linkable Format ELF file. The exploitation of this flaw can lead to the system...

Red Hat Enterprise Linux 代码问题漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a code vulnerability that allows local attackers to cause denial-of-service attacks by tricking users into processing specially crafted ELF files. This...

CVE-2026-5789

A flaw was found in CivetWeb. This vulnerability, related to an unquoted search path, allows a local attacker to execute arbitrary code with elevated privileges. By placing a malicious executable in a directory that is scanned before the legitimate CivetWeb application path, an attacker can explo...

USN-8193-1 libcap2 vulnerability

Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip capabilities into arbitrary executables and escalate privileges...

CVE-2026-5789 Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

CVE-2026-5789

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011208)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011208 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: Fix memory leak in loadelfbinary There is a memory leak reported by kmemleak:...

SUSE CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...