CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Botnet Detection on CTU-13 Using Lightweight Machine Learning Models

Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service DDoS. While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: Enable all safety features by default In the original implementation of dwmac5, the commit 8bf993a5877e states that “net: stmmac: Add support for DWMAC5 and implement Safety Features”. All safety features were...

Astra Linux - уязвимость в qemu

A stack-based buffer overflow was discovered in the virtio-net device of QEMU. This issue occurs when flushing the TX operation in the virtionetflushtx function, provided that the guest has enabled VIRTIONETFHASHREPORT, VIRTIOFVERSION1, and VIRTIONETFMRGRXBUF. This could allow a malicious user to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the .negotiatefeatures callback to...

Malicious code in eplang (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21 The package ships epl/.aiconfig.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation epl ai, epl ge...

Security Bulletin:DevOps Test Embedded for Eclipse IDE is vulnerable to XXE injection & RCE due to use of JGit and EGit ( CVE-2023-4759 and CVE-2025-4949)

Summary Due to the use of JGit and EGit, DevOps Test Embedded for Eclipse contains vulnerabilities that could lead to unauthorized file access via XML External Entity XXE injection, and arbitrary file overwrites on case-insensitive filesystems that can lead to Remote Code Execution RCE. This only...

Security update for perl-CryptX (important)

openSUSE Security Update: Security update for perl-CryptX Announcement ID: openSUSE-SU-2026:0170-1 Rating: important References: 1244472 1262697 Cross-References: CVE-2025-40914 CVE-2026-41564 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is now...

MGASA-2026-0147 Updated rclone packages fix security vulnerabilities

This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...

Updated rclone packages fix security vulnerabilities

This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...

PT-2026-41665

Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for...

A No-Defense Defense against Gradient-Based Adversarial Attacks on ML-NIDS: Is Less More?

Gradient-based adversarial attacks subtly manipulate inputs of Machine Learning ML models to induce incorrect predictions. This paper investigates whether careful architectural choices alone can yield an inherently robust Deep Neural Network DNN-based Network Intrusion Detection Systems NIDS,...

Rethinking Side-Channel Analysis: Automated Discovery and Analysis of Side-Channel Leakage with LLM-Assisted Agents

Side-channel attacks exploit unintended information leakage from system behavior and continue to pose serious privacy risks in modern platforms. Despite extensive prior work, side-channel analysis remains largely manual and fragmented, typically assuming predefined target events and a fixed set o...

CVE-2026-43322

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

SUSE CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

Microsoft Edge 输入验证错误漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions of the Microsoft operating system. There is a vulnerability in input validation of Microsoft Edge. Attackers can exploit this vulnerability to bypass certain features...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.13.7 security update

Red Hat Advanced Cluster Management for Kubernetes 2.13 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.13 images Red Hat Advanced Cluster Management for Kubernetes provides...

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.6 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

EUVD-2026-30353

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update

The multicluster engine for Kubernetes 2.6 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.6 images The multicluster engine for Kubernetes provides the foundational components that are...