CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

CVE-2026-32924 OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chattype are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group...

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVE-2026-33216

A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements JSON Web Tokens - JWT. This misclassification leads to the...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

Can You Tell It'S AI? Human Perception of Synthetic Voices in Vishing Scenarios

Large Language Models and commercial speech synthesis systems now enable highly realistic AI-generated voice scams vishing, raising urgent concerns about deception at scale. Yet it remains unclear whether individuals can reliably distinguish AI-generated speech from human-recorded voices in...

CVE-2026-25609

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

PT-2026-7437

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description A flaw exists due to incorrect validation of the profile command, potentially leading to a misidentification of requests altering the 'filter' as read-only. The issue may permit unauthorized configuration...

CVE-2025-12899

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

PT-2026-5379

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of...

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

Linux Distros Unpatched Vulnerability : CVE-2025-68767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits mode fie...

CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

CVE-2026-22607

Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...