Lucene search

11197 matches found

Positive Technologies
added 2026/04/22 12:00 a.m., 3 views

PT-2026-34555

Impact: The staking contract accepts UpdateValidator transactions that set new voting key=Some... while omitting new proof of knowledge. This skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00007
Exploits: 0, References: 8
CNNVD
added 2026/04/22 12:00 a.m., 4 views

Nimiq data forgery vulnerability

Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior to Nimiq 1.3.0, there was a vulnerability related to data manipulation. This vulnerability stemmed from the UpdateValidator transaction in the nimiq-transaction where the was set with newvotingkey=Some…, but the...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00007
Exploits: 0, References: 1
EUVD
added 2026/04/21 9:31 p.m., 2 views

EUVD-2026-24384

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite component: Knowledge Integration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00053
Exploits: 0, References: 2
Microsoft Security Update
added 2026/04/21 7:00 p.m., 26 views

2026-04 .NET 10.0.7 Security Update for x64 Client (KB5091596)

2026-04 .NET 10.0.7 Security Update for x64 Client KB5091596...

AI score: 5.7
Exploits: 0
CNNVD
added 2026/04/21 12:00 a.m., 5 views

Oracle HCM Common Architecture security vulnerability

Oracle HCM Common Architecture is an HR management system architecture component developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle HCM Common Architecture contain security vulnerabilities. These vulnerabilities stem from issues with the Knowledge Integration component,...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00053
Exploits: 0, References: 2
RedhatCVE
added 2026/04/20 7:22 p.m., 3 views

CVE-2026-40323

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof...

CVSS: 8.9, AI score: 5.9, EPSS: 0.00011
Exploits: 0, References: 1
Packet Storm News
added 2026/04/20 12:00 a.m., 4 views

RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs

Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN...

AI score: 5.9
Exploits: 0
RedhatCVE
added 2026/04/18 7:22 a.m., 3 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS: 9.1, AI score: 6.5, EPSS: 0.0007
Exploits: 0, References: 1
CNNVD
added 2026/04/18 12:00 a.m., 6 views

SP1 security vulnerability

SP1 is an open-source zero-knowledge virtual machine developed by Succinct. Versions 6.0.0 to 6.0.2 of SP1 contain security vulnerabilities. These vulnerabilities stem from defects in the recursive sharding verifier, which could allow malicious provers to construct invalid proofs...

CVSS: 8.9, AI score: 5.8, EPSS: 0.00011
Exploits: 0, References: 2
CVE
added 2026/04/17 10:58 p.m., 10 views

CVE-2026-40323

SP1 (zero‑knowledge VM) has a soundness vulnerability in the V6 recursive shard verifier affecting versions 6.0.0–6.0.2, allowing a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. The issue is fixed in version 6.1.0. Impact is described as...

CVSS: 8.9, AI score: 5.9, EPSS: 0.00011
Exploits: 0, References: 2, Affected Software: 1
Microsoft Security Update
added 2026/04/16 8:00 p.m., 4 views

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

AI score: 5.8
Exploits: 0
Microsoft Security Update
added 2026/04/16 8:00 p.m., 6 views

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

AI score: 5.8
Exploits: 0
Microsoft Security Update
added 2026/04/16 8:00 p.m., 10 views

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

AI score: 5.8
Exploits: 0
EUVD
added 2026/04/16 6:31 p.m., 0 views

EUVD-2026-23271

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

AI score: 6.4, EPSS: 0.0007
Exploits: 0, References: 3
NVD
added 2026/04/16 4:16 p.m., 3 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS: 9.1, EPSS: 0.0007
Exploits: 0, References: 3
Positive Technologies
added 2026/04/16 12:00 a.m., 3 views

PT-2026-33340

Name of the Vulnerable Software and Affected Versions: Digital Knowledge KnowledgeDeliver versions prior to February 24, 2026. Description: Hard-coded ASP.NET/IIS machineKey values in standardized web.config files allow unauthenticated remote code execution. Attackers can use these shared keys to...

CVSS: 9.1, AI score: 6.4, EPSS: 0.0007
Exploits: 0, References: 45
CNNVD
added 2026/04/16 12:00 a.m., 9 views

Digital Knowledge KnowledgeDeliver security vulnerability

Digital Knowledge KnowledgeDeliver is an online learning management system developed by Digital Knowledge Company. Versions of Digital Knowledge KnowledgeDeliver prior to February 24, 2026, contained security vulnerabilities. These vulnerabilities stemmed from hard-coded ASP.NET/IIS machineKey...

CVSS: 9.1, AI score: 6.3, EPSS: 0.0007
Exploits: 0, References: 2
GithubExploit
added 2026/04/15 5:34 a.m., 80 views

pentest-with-LLM

🛡️ pentest-with-LLM - Run Guided Security Testing...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/04/15 12:00 a.m., 3 views

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol (MCP)-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

AI score: 5.8
Exploits: 0
CNNVD
added 2026/04/15 12:00 a.m., 5 views

GROWI security vulnerability

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.4.6 and earlier have a security vulnerability that stems from stored cross-site scripting (XSS), which could allow arbitrary scripts to be executed in the user...

CVSS: 5.4, AI score: 6, EPSS: 0.00037
Exploits: 0, References: 1