CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting

Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/mynotifications NEWUINAV parameter. id: CVE-2021-36450 info: name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium description: Verint...

CVE-2026-44577

A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /next/image endpoint...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-57752 and CVE-2025-55173)

Summary The vulnerabilities CVE-2025-57752 Cache Key Confusion / Cache Deception and CVE-2025-55173 Content Injection / Arbitrary File Delivery in the Next.js framework have been completely resolved by upgrading the dependency from version 14.2.26 to 15.5.15. Vulnerability Details...

SUSE CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

Framework for Discovering GPS Spoofing Attacks in Drone Swarms

Swarm robotics, particularly drone swarms, are used in various safety-critical tasks. While a lot of attention has been given to improving swarm control algorithms for improved intelligence, the security implications of various design choices in swarm control algorithms have not been studied. We...

Optimal Routing and Link Configuration for Covert Heterogeneous Wireless Networks in the Presence of a Friendly Jammer

In modern radio networks, nodes frequently access multiple communication interfaces such as WiFi, cellular, LoRa, and Zigbee. Optimal utilization of such heterogeneous networks HetNets at link and network levels is essential for ensuring efficient and secure communication. Some applications requi...

CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

CVE-2026-9986

An insufficient validation of untrusted input flaw was found in the OptimizationGuide component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513028160...

Linux Distros Unpatched Vulnerability : CVE-2026-9986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the...

BadBone: Backdoor Attacks against Backbone Models in Visual Prompt Learning

Prompt learning is a new machine learning paradigm that has attracted ample attention due to its simplicity and proven efficacy. Despite its growing adoption, the security vulnerabilities associated with this paradigm remain underexplored. In this work, we take the first step to propose BadBone, ...

DEBIAN-CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-9986

The CVE-2026-9986 entry concerns the Chromium-based Google Chrome component OptimizationGuide. Affected product: Google Chrome (OptimizationGuide in Chromium). The flaw is insufficient validation of untrusted input, exploitable when an attacker who has compromised the renderer process crafts an H...

CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

Hijacking Agent Memory: Stealthy Trojan Attacks through Conversational Interaction

Large language model LLM agents increasingly leverage long term memory to support persistent and autonomous task execution. However, this capability also introduces a new attack surface: memory poisoning, where adversaries can inject malicious information to influence future behavior. Existing...