CLSA-2026-1778488382 java-1.8.0-openjdk: Fix of 8 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22003: enhance behavior of some intrinsics - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty and jackson-core (CVE-2026-33870, WS-2026-003)

Summary IBM App Connect for Manufacturing is vulnerable to a request smuggling attack and a Denial of Service attack due to Netty and jackson-core. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostnam...

PT-2026-39877

MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that...

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

📄 Grafana 11.2.0 Server-Side Request Forgery

This Python script targets a server-side request forgery vulnerability in Grafana version 11.2.0. It abuses a path traversal flaw in the /render endpoint to make the server send requests to internal or otherwise restricted resources...

Wireshark MCP 路径遍历漏洞

Wireshark MCP is a network packet intelligence analysis tool developed by Bpple’s individual developer. Versions of Wireshark MCP 1.1.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the wiresharkexportobjects MCP tool accepting a destdir parameter controlle...

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

PT-2026-39673

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description In standard channels where channel.type is neither group nor dm, the endpoint "POST /api/v1/channels/channel id/messages/message id/update" can be accessed with read permission only. When access...

📄 WordPress Madera 2.2.2 Local File Inclusion

This Python script exploits a local file inclusion vulnerability in the WordPress Madara theme. It interacts with the admin-ajax.php endpoint to load sensitive files from the server, potentially leading to the exposure of system or application data. It affects version 2.2.2...

Unity Linux 20.1060e / 20.1070e Security Update: binutils (UTSA-2026-017420)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017420 advisory. An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequence...

Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017464)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017464 advisory. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and...

Debian dla-4579 : python-authlib-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4579 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4579-1 [email protected]...

📄 CairoSVG Denial of Service

CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...

📄 MATLAB R2024a Code Execution / Information Disclosure

MATLAB R2024a suffers from a remote code execution vulnerability as well as a sandbox escape that allows for information disclosure. ================================================================================================================================== | Title : MATLAB R2024a RCE | |...

Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017657)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017657 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic...

MiracleLinux 9 : java-17-openjdk-17.0.19.0.10-2.el9.ML.1 (AXSA:2026-599:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-599:08 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

MiracleLinux 8 : java-21-openjdk-21.0.11.0.10-1.el8.ML.1 (AXSA:2026-578:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-578:05 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

📄 Adobe DNG SDK Integer Overflow Proof of Concept Generator

This is a proof of concept tool to generate an integer overflow condition in the Adobe DNG SDK to achieve arbitrary code execution. integer overflow during image processing...