PhoenixStorybook 安全漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.2.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the unauthorized conversion of user-provided string parameter...

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

ALSA-2026:18772 Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 For more...

Xen 安全漏洞

Xen is an open-source virtual machine monitor product developed by Xen. This product allows different and incompatible operating systems to run on the same computer. It also supports migration during operation, ensuring smooth functioning and avoiding downtime. Xen has a security vulnerability th...

RHEL 9 : qemu-kvm (RHSA-2026:18772)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18772 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

CLSA-2026-1779097389 qemu-kvm: Fix of CVE-2023-6693

fix CVE-2023-6693: virtio-net stack overflow via large guesthdrlen...

Agent Security Is a Systems Problem

We take the position that agent security must be approached as a systems problem: the AI model powering the agent must be treated as an untrusted component, and security invariants must be enforced at the system level. Through this lens, efforts to increase model robustness the dominant viewpoint...

Agentic Governance: Why It Matters Now

AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed...

Advance_WAF_project_CS

WAFinity - Infinite Protection, Intelligent Detection WAFin...

PT-2026-42165

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.18.36 through 9.18.48 BIND 9 versions 9.20.8 through 9.20.22 BIND 9 versions 9.21.7 through 9.21.21 BIND 9 versions 9.18.36-S1 through 9.18.48-S1 BIND 9 versions 9.20.9-S1 through 9.20.22-S1 Description An unbounded resend lo...

CVE-2024-36323

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data...

Command Injection

mcp-server-semgrep is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the ID argument in multiple MCP interface functions, which allows an attacker to inject and execute arbitrary OS commands remotely...

Chromium: CVE-2026-8531 Heap buffer overflow in WebML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Improper Isolation or Compartmentalization

Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounti...

CVE-2024-36323

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data...

CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine VM to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service DOS condition...