Security update for glibc (important)
openSUSE security update: security update for glibc. Announcement ID: openSUSE-SU-2026:20133-1. Rating: important. References: bsc1236282 bsc1256436 bsc1256766 bsc1256822 bsc1257005. Cross-References: CVE-2025-0395 CVE-2025-15281...
Denial Of Service (DoS)
Next.js is vulnerable to Denial of Service (DoS). The vulnerability is due to the image optimization endpoint loading external images into memory without enforcing a maximum size limit, which allows an attacker to request optimization of arbitrarily large images and trigger out-of-memory conditions...
SpyDir: Spy Device Localization through Accurate Direction Finding
Hidden spy cameras have become a great privacy threat recently, as these low-cost, low-power, and small form-factor IoT devices can quietly monitor human activities in the indoor environment without generating any side-channel information. As such, it is difficult to detect and even more...
OPENSUSE-SU-2026:20133-1 Security update for glibc
This update for glibc fixes the following issues. Security fixes: CVE-2025-0395: Fixed buffer overflow in the assert function (bsc1236282); CVE-2026-0861: Fixed inadequate size check in the memalign suite that may result in an integer overflow (bsc1256766); CVE-2026-0915: Fixed uninitialized stack...
SUSE-SU-2026:20198-1 Security update for glibc
This update for glibc fixes the following issues. Security fixes: CVE-2025-0395: Fixed buffer overflow in the assert function (bsc1236282); CVE-2026-0861: Fixed inadequate size check in the memalign suite that may result in an integer overflow (bsc1256766); CVE-2026-0915: Fixed uninitialized stack...
CLSA-2026-1769510148 python3: Fix of CVE-2025-12084
CVE-2025-12084: prevent quadratic algorithm when building nested elements by optimizing _clear_id_cache dependency...
Allocation of Resources Without Limits or Throttling
Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the fetchExternalImage function, which is used for image optimization and loads external images into memory without a maximum size limit. An attacker ca...
libpng: LIBPNG buffer overflow
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during...
PT-2026-4816
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 15.5.10; Next.js versions prior to 16.1.5. Description: A denial of service issue exists in self-hosted Next.js applications utilizing the Image Optimizer with configured remotePatterns. The image optimization endpoint /...
Next.js security vulnerabilities
Next.js is an open-source React framework by Vercel. There is a security vulnerability in Next.js, which stems from the image optimization endpoint not enforcing a maximum size limit. This could lead to memory exhaustion and denial of service...
AZL-78434 CVE-2025-71160 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible. Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nft_chain_validate+0xcb/0x1...
CVE-2025-71160 netfilter: nf_tables: avoid chain re-validation if possible
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible. Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nft_chain_validate+0xcb/0x1...
PINA: Prompt Injection Attack against Navigation Agents
Navigation agents powered by large language models (LLMs) convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...
MiracleLinux 7 : firefox-102.10.0-1.0.1.el7.AXS7 (AXSA:2023-5303:17)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5303:17 advisory: MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ2186102); Mozilla: Fullscreen notification obscured (CVE-2023-29533); Mozilla: Potential Memory...
MiracleLinux 9 : java-11-openjdk-11.0.22.0.7-2.el9.ML.1 (AXSA:2024-7450:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7450:05 advisory: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918); OpenJDK: RSA padding issue and timing...
Post-Quantum Secure Aggregation Via Code-Based Homomorphic Encryption
Secure aggregation enables aggregation of inputs from multiple parties without revealing individual contributions to the server or other clients. Existing post-quantum approaches based on homomorphic encryption offer practical efficiency but predominantly rely on lattice-based hardness assumption...
Sockpuppetting: Jailbreaking LLMs without Optimization through Output Prefix Injection
As open-weight large language models (LLMs) increase in capabilities, safeguarding them against malicious prompts and understanding possible attack vectors becomes ever more important. While automated jailbreaking methods like GCG (Zou et al., 2023) remain effective, they often require substantial...
CVE-2025-65117
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...
CVE-2025-65118
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-64769
The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...