OESA-2026-2488 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

OESA-2026-2470 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2469 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2468 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

[SECURITY] Fedora 43 Update: gmic-3.7.6-3.fc43

G'MIC is an open and full-featured framework for image processing, providing several different user interfaces to convert/manipulate/filter/visualize generic image datasets, from 1d scalar signals to 3d+t sequences of multi-spectral volumetric images...

EUVD-2026-33169

Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

RLSA-2026:21295 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

.NET 9.0 security update

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

.NET 10.0 security update

An update is available for dotnet10.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

agno SQL注入漏洞

Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Version 2.6.5 of Agno contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the ClickHouse vector database backend,...

PT-2026-45020

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

PT-2026-44976

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

RHEL 10 : .NET 9.0 (RHSA-2026:21754)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21754 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution

Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage: https://github.com/mix-php/mix Software Link: https://github.com/mix-php/mix Version: 2.x through 2.2.17 Tested on: Ubuntu 26.04 LTS / PHP 8.3.6 CVE:...

PT-2026-44987

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.219 Description The password reset endpoint returns visually distinct responses based on whether the submitted email address is associated with an existing user account. This allows unauthenticated attackers to...

Separating Secrets from Placeholders: A Hybrid CNN-CodeBERT Framework for Three-Class Credential Leakage Detection

Credential leakage in public source code repositories poses a critical security threat, with over 23.8 million secrets exposed in 2024 alone. Existing detection tools suffer from high false-positive rates because rigid pattern matching and binary classification schemes fail to distinguish genuine...

📄 MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution

MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...

Rizin 缓冲区错误漏洞

Rizin is a free, open-source reverse-engineering framework developed by the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensics tool, and as a command-line hexadecimal editor capable of opening disk files. Rizin has a buffer overflow...