66 matches found
GHSA-3RJW-M598-PQ24 Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set
Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...
GHSA-P39J-X9H5-Q66M OpenClaw: Embedded runner policy could be confused by provider aliases
Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: BPF: Narrow access to the pointer ctx fields is now rejected. The following BPF program, simplified from a syzkaller repro, causes a kernel warning: c r0 = u8 r1 + 169; exit; Here, the pointer field sk is located at offset 168 in...
GHSA-FCVX-5CXC-V5P8 OpenClaw: Slack reaction events could ignore reaction notification settings
Summary Slack reaction events could ignore reaction notification settings. In affected versions, a Slack reaction event delivered to the configured app could enter the agent pipeline even when reaction notifications were disabled. This advisory is scoped to the named feature and configuration. It...
Operationalizing Cyber Attack Prediction: A Gap-Prioritized Framework with Dataset and Model Selection Guidelines
While AI and machine learning for cyber attack prediction have advanced, a critical gap persists between theoretical research and practical operational deployment. Building on Ankalaki et al. 2025, this paper provides a comprehensive analysis of 150+ benchmark datasets and 200+ studies to identif...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields CVE-2025-38591 In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn CVE-2025-68333 In the...
Malicious code in narrow-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...
MAL-2026-827 Malicious code in narrow-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...
Malicious Package
Overview narrow-array is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Corrupting LLMs Through Weird Generalizations
Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. Abstract LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside...
EUVD-2025-96245
Malicious code in narrowherringz3n npm...
EUVD-2025-96243
Malicious code in narrowwhitefishz3n npm...
EUVD-2025-96244
Malicious code in narrowlarkz3n npm...
EUVD-2025-76220
Malicious code in narrownightingale-teagooddev npm...
EUVD-2025-76222
Malicious code in narrowclam-appteadev npm...
Malicious code in narrow_squid_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aeb0882b90665b586991b69a06706e91b76b1b418a55ecdcb5e1381a19f4fb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-62976
Malicious code in narrowchipmunkz3n npm...
MAL-2025-95581 Malicious code in narrow_hoverfly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 559729deed09faf0fe25181b95476de33f16a2b95c9c1db8993e892da9594ec2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-62972
Malicious code in narrowmockingbirdrequirement npm...
EUVD-2025-62977
Malicious code in narrowamphibianz3n npm...