EUVD-2026-29719

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2026-24398 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP...

GHSA-6V92-PH9P-HRPC AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

[SECURITY] Fedora 44 Update: open-amp-2026.04.0-1.fc44

The OpenAMP framework provides software components that enable development of software applications for Asymmetric Multiprocessing AMP systems...

Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling

Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...

Three Heads Are Better Than One: A Multi-Perspective Reasoning Framework for Enhanced Vulnerability Detection

Automated vulnerability detection is crucial for enhancing software security by identifying potential flaws that attackers could exploit, thereby reducing the reliance on labor-intensive manual code audits. Recent advancements have shifted towards leveraging large language models LLMs for...

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. CVE-2026-46300: net: skbuff: propagate shared-frag marker through...

CVE-2026-8759 xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

react2shell-poc

日本語 !CAUTION For Authorized Security Re...

Eternalblue-ms17-010-lab

01-EternalBlue-MS17-010-README.mdhttps://github.com/user-atta...

ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse

Large language model LLM agents are increasingly used for automated vulnerability repair AVR, where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...

PT-2026-41572

Name of the Vulnerable Software and Affected Versions xiandafu beetl versions prior to 3.20.3 Description Improper neutralization of special elements in an expression language statement allows for remote exploitation. The issue exists within the SpELFunction component, specifically in an unknown...

AI Agents May Always Fall for Prompt Injections

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...

ADR: An Agentic Detection System for Enterprise Agentic AI Security

We present the Agentic AI Detection and Response ADR system, the first large-scale, production-proven enterprise framework for securing AI agents operating through the Model Context Protocol MCP. We identify three persistent challenges in this domain: 1 limited observability -- existing Endpoint...

Operation-Molasses

🍯 OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...

CVE-2025-29935

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

CVE-2025-48519

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation...

CVE-2025-52540

An improper input validation vulnerability within the AMD Platform Management Framework PMF Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation...

CVE-2026-42552

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

shadow-pentest

🖤 Shadow Pentest Framework v1.0 Automated CVE Discovery & E...