3780 matches found

OSV
added 2026/01/27 5:25 p.m. | 4 views

OPENSUSE-RU-2026:20161-1 Recommended update for hauler

This update for hauler fixes the following issues. Changes in hauler: Update to version 1.4.1 (bsc#1256546, CVE-2026-22772): fixed typos for containerd imports (#493); fix and support containerd imports of hauls (#492); bump github.com/sigstore/fulcio (#489). Update to version 1.4.0: added/updated logging f...

CVSS 5.8 | AI score 6.7 | EPSS 0.0022
Exploits 1 | References 2

Patchstack
added 2026/01/27 11:59 a.m. | 5 views

WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Core Features versions <= 2.3...

CVSS 7.1 | AI score 5.9 | EPSS 0.00186
Exploits 0 | Affected Software 1

Tenable Nessus
added 2026/01/27 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005167 advisory. In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features wh...

CVSS 5.5 | AI score 5.8 | EPSS 0.00199
Exploits 0 | References 4

ATTACKERKB
added 2026/01/21 10:13 p.m. | 3 views

CVE-2026-23968

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

CVSS 6.8 | AI score 5.5 | EPSS 0.002
Exploits 1 | References 3 | Affected Software 1

OSV
added 2026/01/21 4:57 p.m. | 2 views

GHSA-HX9M-JF43-8FFR seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). Mitigation: Serova...

CVSS 7.5 | AI score 5.4 | EPSS 0.00481
Exploits 0 | References 5

Packet Storm News
added 2026/01/20 12:0 a.m. | 3 views

A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problems are often undetected by traditional static analyzers becau...

AI score 6
Exploits 0

Tenable Nessus
added 2026/01/18 12:0 a.m. | 4 views

openSUSE 16 Security Update : bind (openSUSE-SU-2026:20039-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20039-1 advisory. - Upgrade to release 9.20.15 Security Fixes: CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs bsc1252379 CVE-2025-40780: Fixed...

CVSS 8.6 | AI score 6.5 | EPSS 0.09846
Exploits 1 | References 10

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000691 advisory. The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physical...

CVSS 4.7 | AI score 7.7 | EPSS 0.00394
Exploits 0 | References 20

Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 4 : libxml2-2.7.6-17.1.0.1.AXS4 (AXSA:2014-724:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-724:04 advisory. Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includ...

CVSS 5 | AI score 6.5 | EPSS 0.04021
Exploits 1 | References 2

RedHat Linux
added 2026/01/15 3:59 p.m. | 4 views

Important: Red Hat Security Advisory: Moderate: Red Hat Advanced Cluster Management for Kubernetes v2.13.5 security update

Red Hat Advanced Cluster Management for Kubernetes 2.13 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.13 images Red Hat Advanced Cluster Management for Kubernetes provides...

CVSS 9.1 | AI score 6.7 | EPSS 0.01099
Exploits 3 | References 8

VulnCheck KEV
added 2026/01/14 12:0 a.m. | 16 views

VulnCheck KEV: CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous...

CVSS 7.5 | AI score 5.8 | EPSS 0.28042
In wild | Exploits 0 | References 2

Packet Storm News
added 2026/01/14 12:0 a.m. | 4 views

Malware Classification Using Diluted Convolutional Neural Network with Fast Gradient Sign Method

Android malware has become an increasingly critical threat to organizations, society and individuals, posing significant risks to privacy, data security and infrastructure. As malware continues to evolve in terms of complexity and sophistication, the mitigation and detection of these malicious...

AI score 6.8
Exploits 0

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Microsoft Windows Secure Boot security vulnerability

Microsoft Windows Secure Boot is a secure boot from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Secure Boot. An attacker exploiting this vulnerability could bypass certain features. The following products and editions are affected: Windows 10 Version 1809 for...

CVSS 6.4 | AI score 6 | EPSS 0.00965
Exploits 0 | References 1

Packet Storm News
added 2026/01/13 12:0 a.m. | 4 views

Integrating APK Image and Text Data for Enhanced Threat Detection: A Multimodal Deep Learning Approach to Android Malware

As zero-day Android malware attacks grow more sophisticated, recent research highlights the effectiveness of using image-based representations of malware bytecode to detect previously unseen threats. However, existing studies often overlook how image type and resolution affect detection and ignor...

AI score 6.8
Exploits 0

Metasploit
added 2026/01/09 6:58 p.m. | 419 views

Accessibility Features (Sticky Keys) Persistence via Debugger Registry Key

This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...

AI score 5.8
Exploits 0

RedhatCVE
added 2026/01/09 11:21 a.m. | 3 views

CVE-2021-22372

There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 | AI score 6.7 | EPSS 0.00695
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:55 a.m. | 3 views

CVE-2022-23716

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...

CVSS 5.3 | AI score 6.7 | EPSS 0.00518
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:11 a.m. | 8 views

CVE-2019-11870

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/mediachoose.tpl Editor Preview feature or the templates/2k11/admin/mediaitems.tpl Media Library feature...

CVSS 6.1 | AI score 5.8 | EPSS 0.01293
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 8 views

CVE-2020-10089

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other,...

CVSS 7.5 | AI score 6.6 | EPSS 0.01148
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:8 a.m. | 6 views

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS...

CVSS 5.5 | AI score 6.7 | EPSS 0.00215
Exploits 0 | References 1