CVE-2026-44053 Weak cryptography in DHCAST128 UAM

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...

CVE-2026-44053

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...

CVE-2026-44053

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access OIDC Provider

Summary Security vulnerabilities have been addresed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2026-39883 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to...

Malicious code in dot-utils-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3091b9bb8cbf714d9391a59f7303a3748e183bbdf0fba2264b7496a2072e717f On every import, dist/index.js base64-decodes a hardcoded AES-256-CBC ciphertext, derives a key from environment variable VITEDOTUTILSAESSECRET,...

MAL-2026-4549 Malicious code in dot-utils-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3091b9bb8cbf714d9391a59f7303a3748e183bbdf0fba2264b7496a2072e717f On every import, dist/index.js base64-decodes a hardcoded AES-256-CBC ciphertext, derives a key from environment variable VITEDOTUTILSAESSECRET,...

[SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

autopenx

AutoPenX – A fully automated CTF-solving & penetration testing...

PT-2026-42614

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "get model arch and related helpers hardcode trust remote code=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this...

PT-2026-42410

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.2.2 Description The DHCAST128 UAM User Authentication Module uses a broken cryptographic algorithm. This allows a remote attacker to perform a cryptanalytic attack to obtain authentication credentials or...

PT-2026-42624

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...

PT-2026-42625

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

PT-2026-42607

Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parse urls API. An authenticated attacker can supply a URL pointing to an...

Innovations in Cardless Artificial Intelligence Banking: A Comprehensive Framework for Cyber Secure and Fraud Mitigation Using Machine Learning Algorithms

The advent of cardless artificial intelligence AI banking heralds a paradigm shift in the financial landscape, offering users unprecedented security and convenience. This paper outlines a comprehensive framework designed to enhance cybersecurity, introduce auto-generated virtual cards, and mitiga...

Netatalk 加密问题漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.5.0 to 4.2.2 of Netatalk contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of ...

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

PT-2026-42597

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

PT-2026-42534

Name of the Vulnerable Software and Affected Versions Kata Containers runtime-rs versions prior to 3.31.0 Description A symlink escape exists when virtiofsd is run as root with the flags --sandbox none and --seccomp none. A raw FUSE SYMLINK request allows a guest root user to create symlinks owne...

PT-2026-42620

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

PT-2026-42640

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's " proto " member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...