Faction 访问控制错误漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained a access control vulnerability. This vulnerability stemmed from AccessControlInterceptor unconditionally calling invocation.invoke without checking vali...

BAIT: Boundary-Guided Disclosure Escalation Via Self-Conditioned Reasoning

In this work, we propose BAIT Boundary-Aware Iterative Trap, a three-step jailbreak framework that approaches malicious goals through internal disclosure. BAIT first asks the model to identify the protection boundary, then requires it to refine that boundary, and finally requests a detailed...

SAP Gateway 安全漏洞

SAP Gateway is a framework based on open standards developed by SAP, a German company. This product allows non-SAP applications to connect to SAP applications, as well as access SAP applications on mobile devices. There is a security vulnerability in SAP Gateway, which allows attackers to inject...

MRMMIA: Membership Inference Attacks on Memory in Chat Agents

Membership inference attacks MIAs test whether a target data record belongs to a system's private data, and have become a standard tool to measure privacy leakage in machine learning systems. Prior work has primarily focused on training corpora or retrieval databases. However, MIAs against agent...

Joomla! 跨站脚本漏洞

Joomla! is an open-source, free-content management system developed by Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from insufficient content filtering in the checkAttribute method. This vulnerability exposes various components to cross-site...

Starlette 环境问题漏洞

Starlette is a lightweight ASGI framework/toolkit developed by Encode. It’s ideal for building asynchronous web services using Python. Versions of Starlette prior to 1.0.1 contained an environmental issue vulnerability. This vulnerability stemmed from the lack of validation of the HTTP Host reque...

May 26, 2026-KB5092427 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2

May 26, 2026-KB5092427 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2 Release Date: May 26, 2026 Version: .NET Framework 3.5 and 4.8.1 The May 26, 2026 update for Windows 11, version 25H2 includes security and cumulative reliability improvements in .NET...

GPAC 代码问题漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC 2.4.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the MergeFragment function in the MP4Box component, which could lead to null pointer dereferencing...

Joomla! 跨站脚本漏洞

Joomla! is an open-source, free-content management system developed by Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from the lack of input filtering. This leads to the presence of cross-site scripting vectors in the HTML filtering code...

USN-8296-2: Linux kernel (NVIDIA Tegra) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Drivers core; - Null block device drive...

USN-8296-2 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Drivers core; - Null block device drive...

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

NIST Cybersecurity Framework and CTEM Alignment

The NIST Cybersecurity Framework gives security leaders a common language for managing cyber risk, but it does not tell teams which exposed asset to fix first on Monday morning. Continuous Threat Exposure Management fills that execution gap. When the NIST cybersecurity framework and CTEM are...

[SECURITY] Fedora 44 Update: nodejs-aw-webui-0^20260516.8d9a7f8-1.fc44

A web-based UI for ActivityWatch, built with Vue.js...

Ubuntu Pro FIPS-updates 24.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-8296-1)

The remote Ubuntu Pro FIPS-updates 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8296-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVE-2026-48832

The vulnerability affects SPIP’s ecrire component in SPIP prior to version 4.4.15, where action/cookie.php is prone to an open redirect. The underlying issue is an open redirect, allowing an attacker to redirect users to a malicious site via crafted input. Version 4.4.15 addresses this issue (as ...

PwnGPT-Automation

PwnGPT Caputre the flag with Large Language Models. Constructe...

CVE-2026-9371 ItzCrazyKns Vane API route.ts missing authentication

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

CVEsWorpriss

ها هو ملف README.md المعاد كتابته بالكامل لمشروعك CVEsWorpriss v...