RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs

Large Language Models LLMs have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN...

Metasploit Wrap-Up 04/17/2026

Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On th...

GHSA-P93R-85WP-75V3 Bouncy Castle Has Covert Timing Channel Vulnerability

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84...

SUSE CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007220)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007220 advisory. Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow. Tenable has...

[SECURITY] Fedora 44 Update: kf6-kded-6.25.0-1.fc44

KDED stands for KDE Daemon which isn't very descriptive. KDED runs in the background and performs a number of small tasks. Some of these tasks are built in, others are started on demand. Custom KDED modules can be provided by 3rd party frameworks and applications...

[SECURITY] Fedora 44 Update: kf6-kdbusaddons-6.25.0-1.fc44

KDBusAddons provides convenience classes on top of QtDBus, as well as an API to create KDED modules...

[SECURITY] Fedora 44 Update: extra-cmake-modules-6.25.0-1.fc44

Additional modules for CMake build system needed by KDE Frameworks...

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

[SECURITY] Fedora 42 Update: perl-5.40.4-520.fc42

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVE-2026-40960

CVE-2026-40960 : Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. When at least one mod is listed as secure.trusted_mods or secure.http_mods , a crafted mod can intercept the request for the insecure environment or HTTP API and also gain access to it. This vul...

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

Fedora 44 : aurorae / bluedevil / breeze-gtk / extra-cmake-modules / etc (2026-fe3d8d4767)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-fe3d8d4767 advisory. Frameworks 6.25.0 + KDE Plasma 6.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.0-1.hum1 aarch64, x8664 nginx-all-modules-1.30.0-1.hum1 noarch nginx-core-1.30.0-1.hum1 aarch64, x8664 nginx-filesystem-1.30.0-1.hum1 noarch nginx-mod-devel-1.30.0-1.hum1 aarch6...

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

CVE-2026-6245 Sssd: out-of-bounds read in the sssd

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

EUVD-2026-22840

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

MGASA-2026-0097 Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.130 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...