Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary: Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.26. Vulnerability Details: CVEID: CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary: Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38. Vulnerability Details: CVEID: CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...
SWPT-Notes
SWPT-Notes Personal study notes compiled while working throug...
evershop-stored-xss-cve
Security Vulnerability Disclosure – Stored XSS via File Upload...
wpsecscan
WPSecScan !testshttps://github.com/bryanflowers/wpsecscan...
xss_scanner
XSS Scanner – Automated Cross-Site Script Vulnerability Scanne...
Exploit for CVE-2026-6279
CVE-2026-6279 CVE-2026-6279: Avada Fusion Builder = 3.15...
Exploit for CVE-2026-9018
CVE-2026-9018 CVE-2026-9018 — Easy Elements for Elementor ≤...
Exploit for CVE-2026-6960
CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...
Malicious code in token-usage-tracker (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems
This paper examines the erosion of Public Key Cryptography (PKC) security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...
MAL-2026-4283 Malicious code in token-usage-tracker (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Security Bulletin: IBM Cognos Analytics Mobile is affected by multiple security vulnerabilities
Summary: IBM Cognos Analytics Mobile is affected by multiple security vulnerabilities. These have been addressed in IBM Cognos Analytics Mobile 1.1.26. Vulnerability Details: CVEID: CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS...
Exploit for Origin Validation Error in Langflow
CVE-2025-34291 — Langflow Origin Validation / CORS...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 — BeyondTrust Remote Support & PRA Pre-auth RCE...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...
Exploit for Incorrect Implementation of Authentication Algorithm in Google Android
CVE-2026-0073 — Android Debug Bridge (ADB) Auth Bypass RCE...
Exploit for Out-of-bounds Write in Paloaltonetworks Pan-Os
CVE-2026-0300 — Palo Alto Networks PAN-OS BOF RCE root...
Exploit for CVE-2026-9082
CVE-2026-9082 — Drupal PostgreSQL SQL Injection Mass Scanner & E...
Security Bulletin: Multiple vulnerabilities in Aspera applications.
Summary: Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2. Vulnerability Details: CVEID: CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...