12706 matches found
NFTDELTA: Detecting Permission Control Vulnerabilities in NFT Contracts through Multi-View Learning
Permission control vulnerabilities in Non-fungible token NFT contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static...
Linux Distros Unpatched Vulnerability : CVE-2026-33018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
The CVE describes a vulnerability in ArgoCD Image Updater where a user with rights to create/modify an ImageUpdater in a multi-tenant environment can bypass namespace boundaries due to insufficient validation. This leads to cross-namespace privilege escalation and unauthorized image updates on ap...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
SUSE CVE-2026-33018
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...
ps459
Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...
Spring AI Agentic Patterns (Part 7): Session API — Event-Sourced Short-Term Memory with Context Compaction
A New Session API for Spring AI — Structured, Compactable, Multi-Agent-Ready Part 7 of theSpring AI Agentic Patterns series completes the memory picture. After covering Agent Skills, AskUserQuestionTool, TodoWriteTool, Subagent Orchestration, A2A Integration, and AutoMemoryTools for long-term...
RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code
How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...
MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems
The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
ImageMagick has a memory leak in PNG encoder when writing a MNG image
When the PNG encoder fails to write an MNG image it can leak memory...
GHSA-98CP-RJ9F-6V5G ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete
The patch for GHSA-7h7q-j33q-hvpf was incomplete and still allows a stack buffer overflow for the multi frame images...
CVE-2026-2396
The CVE affects the WordPress List View Google Calendar plugin (
GHSA-7JRQ-Q4PQ-RHM6 Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles
Summary The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...
CVE-2026-33018
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...