CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

GHSA-98CP-84M9-Q3QP free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

CVE-2026-3673 Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

CVE-2026-3673 Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

CVE-2026-3673

CVE-2026-3673 affects Frappe Framework 16.10.10. An authenticated attacker can store a crafted value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element c...

CVE-2026-31472

A flaw was found in the Linux kernel, specifically within the xfrm and iptfs components. A remote attacker could exploit this vulnerability by sending a specially crafted Encapsulating Security Payload ESP packet. This packet, containing an inner IPv4 header with a total length totlen of zero or...

CVE-2026-41144

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions prior to ONE 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of tensor replication sizes, which could...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of the temporary buffer’s initial siz...

Mythos and the Unverified Cage: Z3-Based Pre-Deployment Verification for Frontier-Model Sandbox Infrastructure

The April 2026 Claude Mythos sandbox escape exposed a critical weakness in frontier AI containment: the infrastructure surrounding advanced models remains susceptible to formally characterizable arithmetic vulnerabilities. Anthropic has not publicly characterized the escape vector; some secondary...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions prior to ONE 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of memory copy sizes, which could lead t...

ONE 安全漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a security vulnerability. This vulnerability stemmed from improper verification of STRING tensor offsets, which could lead to out-of-bound access during the impor...

Frappe 跨站脚本漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Version 16.10.10 of Frappe contains a cross-site scripting vulnerability. This vulnerability stems from special tag values stored in user tags that are not...

AVISE: Framework for Evaluating the Security of AI Systems

As artificial intelligence AI systems are increasingly deployed across critical domains, their security vulnerabilities pose growing risks of high-profile exploits and consequential system failures. Yet systematic approaches to evaluating AI security remain underdeveloped. In this paper, we...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013824)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013824 advisory. In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of the copy size for output tensors,...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from a lack of operator boundary validation, which could lead to out-of-bounds code...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions prior to ONE 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of the size of constant tensor data, whi...