35260 matches found
Astra Linux - vulnerability in twisted
Twisted is an event-based framework for internet applications. It was introduced with version 0.9.4. At that time, when the host header did not match a configured host using twisted.web.vhost.NameVirtualHost, a “NoResource” resource would be returned. This caused the Host header to be rendered...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Resources are freed when a device is unregistered. In the current code, the devres_release_all function is only called if the device has a bus and has been probed. This leads to issues when using devices that lack a...
Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin
gin-vulnerable Demo consumer pinned to github.c...
Exploit for Incorrect Authorization in Vercel Next.Js
Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...
Yii input validation error vulnerability
Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...
Frappe path traversal vulnerability
Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.105.0 and 16.15.0 have a path traversal vulnerability. This vulnerability arises from the possibility that path traversal may...
PT-2026-42259
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.105.0 Frappe versions prior to 16.15.0 Description Frappe is a full-stack web application framework. A path traversal issue allows unauthenticated arbitrary file read on internet-facing surfaces, such as ERPNext. Ov...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http
Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential HTTP Request Smuggling and Uncontrolled Resource Consumption vulnerabilities. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network...
tornado-python: Tornado: Denial of Service via large multipart bodies
A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...
GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...
UBUNTU-CVE-2025-14575
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
EUVD-2026-30895
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CVE-2026-27766
Technical details about CVE-2026-27766 are not publicly available in the provided documents. Monitor for updates from OpenHarmony security disclosures and the CVE record.
Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection
AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...
PT-2026-41962
Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTo(url, { external: true }) can break out of the...
SCARA: A Semantics-Constrained Autonomous Remediation Agent for Opaque Industrial Software Vulnerabilities
Critical-infrastructure operators are increasingly expected to assess and remediate vulnerabilities in deployed industrial software. However, much of this software exists as opaque industrial software (OIS), including stripped firmware, proprietary protocol handlers, and compiled control logic...
Qt code issue vulnerability
Qt is an open-source, cross-platform application development framework. Qt has code vulnerabilities, which stem from an issue with uncontrolled search path elements in the backend of OpenSSL TLS. This vulnerability allows local attackers to load malicious CA certificates as trusted system...
PT-2026-41886
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
Security Bulletin: NVIDIA BioNeMo Framework - May 2026
NVIDIA has released a software update for NVIDIA® BioNeMo Framework. To protect your system, clone or update this software to include commit dfd83a7 or later from the NVIDIA/BioNeMo Framework GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential...