PT-2026-34160

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

FreeScout 跨站请求伪造漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the email OAuth disconnection being...

Data Sharing Framework 代码问题漏洞

Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained code vulnerabilities. These vulnerabilities stemmed from OIDC authentication sessions not having a maximum...

Data Sharing Framework 安全漏洞

Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained security vulnerabilities, which were caused by the incorrect use of reverse time comparison logic in the OIDC and...

Oracle Application Development Framework 安全漏洞

The Oracle Application Development Framework is an enterprise-level application development framework developed by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Application Development Framework contain security vulnerabilities. These vulnerabilities...

PT-2026-34226

Name of the Vulnerable Software and Affected Versions F Prime versions prior to 4.2.0 Description An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006950 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux

Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...

Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse behaviors on GitHub have received little systematic...

Owner-Harm: A Missing Threat Model for AI Agent Safety

Existing AI agent safety benchmarks focus on generic criminal harm cybercrime, harassment, weapon synthesis, leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...

PT-2026-33726

Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description A SQL Injection flaw allows unauthenticated remote attackers to inject arbitrary SQL commands. This can lead to the unauthorized reading, modification, and deletion of database contents...

Zeek 8.0.7

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

WebVuln-Chain-Framework

WebVuln Chain Framework Modular web vulnerability scanner w...

RLSA-2026:8471 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors SMRs are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

Exploit for CVE-2025-6389

CVE-2025-6389 Sneeit Framework = 8.3 - Unauthenticated Rem...

RLSA-2026:8470 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime...

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...