PT-2026-48807

Name of the Vulnerable Software and Affected Versions Arc versions prior to 26.06.1 Description Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...

CVE-2026-42326

A flaw was found in ImageMagick, a software used for editing and manipulating digital images. A local attacker could exploit this vulnerability by providing a malicious input file. When ImageMagick attempts to write an IPTC output file, this malicious input could cause the software to read beyond...

CVE-2026-46522

A flaw was found in ImageMagick. A remote attacker could provide a specially crafted MIFF Magick Image File Format file, which, due to a missing check in the MIFF decoder, would lead to an infinite loop. This vulnerability results in CPU exhaustion, causing a Denial of Service DoS for the affecte...

CVE-2026-46523

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted MSL Magick Scripting Language image. Processing this malicious image could trigger a...

CVE-2026-45359

A flaw was found in ImageMagick. A local attacker could exploit this vulnerability by providing an invalid 'connected-components:keep-top' value during image processing. This could lead to a heap buffer over-read, potentially resulting in information disclosure or a denial of service DoS...

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

CVE-2026-10233

A flaw was found in Assimp, within its Half-Life 1 MDL Loader component. A local attacker could exploit an out-of-bounds read vulnerability by manipulating specific input. This could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either not available or t...

CVE-2026-42764

A flaw was found in the OpenSSL QUIC Quick UDP Internet Connections server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server...

CVE-2026-45446

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

CVE-2026-34183

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

PT-2026-48473

Name of the Vulnerable Software and Affected Versions go-base versions prior to the May 17, 2026 patch Description The software contains a hardcoded JWT signing secret set to "random" in the dev.env template and as a programmatic fallback in the viper.SetDefault function within cmd/serve.go. A...

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

terraform-aws-wafacl-golden

terraform-aws-wafacl-golden !Terraformhttps://img.shields...

secure-banking-app

secure-banking-app...

When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems

Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planningmay significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...

Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems

The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email communication is apparent in both professional and personal contexts, thereby creating numerous vulnerabilitie...

AI Researchers Must Help Lead Arms Control to Mitigate Military AI Risks

The advancement of AI capabilities compels researchers and the public to be more aware of its potential worldwide impact. A pressing near-term concern is the regulation of military AI applications. Armament manufacturers and defense contractors are increasingly investing in AI capabilities and...

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2205)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2243)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...