EUVD-2025-210296

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: s390/crypto: Use vector instructions only if they are available for ChaCha20. Commit 349d03ffd5f6 “crypto: s390 – add a crypto library interface for ChaCha20” added a library interface to the s390-specific ChaCha20...

Security Bulletin: SSLv2 DROWN Vulnerability (CVE-2016-0800)

Question Security Bulletin: SSLv2 DROWN Vulnerability CVE-2016-0800 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

CVE-2026-12216

The CVE-2026-12216 entry concerns svaarala duktape up to 2.99.99. The vulnerability occurs in duk_api_bytecode.c and is triggered by manipulating the argument count_instr, leading to memory corruption. Exploitation requires local access, and a public exploit/public disclosure has been made. No re...

PI-Hunter: Automated Red-Teaming for Exposing and Localizing Prompt Injections

Large Language Models LLMs are rapidly evolving into agentic systems that interact with external tools and environments, introducing new security risks such as indirect prompt injection attacks through untrusted external sources. Existing defenses mainly focus on blocking malicious content at...

EUVD-2026-35187

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...

PT-2026-47184

Name of the Vulnerable Software and Affected Versions rclone versions 1.46.0 through 1.74.2 Description When the remote control API is enabled and the --rc-serve flag is used without HTTP authentication, the software accepts unauthenticated GET and HEAD requests to paths formatted as...

Kernel-Exploit-Dojo-127

Kernel-Exploit-Dojo-127 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-243

Kernel-Exploit-Dojo-243 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-962

Kernel-Exploit-Dojo-962 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-822

Kernel-Exploit-Dojo-822 CTF kernel exploitation notes, PoCs,...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-08...

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-47307

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...

CVE-2026-40151

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no...

Insertion of Sensitive Information Into Sent Data

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the setProxy function. An attacker can obtain sensitive proxy credentials by controlling a redirect target and causin...

Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.18 Bugs mentioned bsc1249675, bsc1259554 Security update 4.3.18 for Multi-Linux Manager Server LTS Description: This update fixes the following issues: release-notes-susemanager: Updat...

Security update for grafana

This update for grafana to version to 11.6.14+security01 fixes the following issues: Security Fixes: CVE-2026-34986: Fixed unrecoverable error in JWE decryption that could lead to a denial of service bsc1262950 CVE-2026-41602: Fixed Integer Overflow or Wraparound vulnerability in Apache Thrift...

Security update for apptainer (important)

openSUSE security update: security update for apptainer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20888-1 Rating: important References: bsc1266656 Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4...

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...