2511 matches found
Astra Linux - vulnerability in thunderbird
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP According to Luiz Capitulino, enabling HVO on s390 leads to reproducible crashes. The problem arises from kernel page tables being modified without flushing the corresponding TLB...
Astra Linux - vulnerability in sqlite3
In SQLite 3.31.1, the isAuxiliaryVtabOperator function allows attackers to trigger a NULL pointer dereferencing and segmentation fault due to generated column optimizations...
@neural-trader/example-logistics-optimization (=1.0.0), strange-loops (>=1.0.2 <=1.0.3) potentially affected by CVE-2026-7645 via sublinear-time-solver (=1.5.0)
sublinear-time-solver NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on sublinear-time-solver and may be impacted: - @neural-trader/example-logistics-optimization =1.0.0 - strange-loops =1.0.2, =1.0.3 Source cves: CVE-2026-7645 Source...
Self-Adaptive Multi-Agent LLM-Based Security Pattern Selection for IoT Systems
The adoption of Internet of Things (IoT) systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence mechanisms are no longer limited to detection alone b...
WordPress multiple products - cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
Exploit for CVE-2026-31431
copy-fail-cve-2026-31431 Passive detection tooling and techni...
WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions <= 3.4.16...
PT-2026-35910
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend rewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping...
Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security
While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...
[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors (limit of the GIF format) - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
Adversarial Co-Evolution of Malware and Detection Models: A Bilevel Optimization Perspective
Machine learning-based malware detectors are increasingly vulnerable to adversarial examples. Traditional defenses, such as one-shot adversarial training, often fail against adaptive attackers who use reinforcement learning to bypass detection. This paper proposes a robust defense framework based...
libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...
Adaptive Instruction Composition for Automated LLM Red-Teaming
Many approaches to LLM red-teaming leverage an attacker LLM to discover jailbreaks against a target. Several of them task the attacker with identifying effective strategies through trial and error, resulting in a semantically limited range of successes. Another approach discovers diverse attacks ...
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment
Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...
Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.1 (CUDA)
Red Hat AI Inference Server Model Optimization Tools 3.3.1 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...
Cross-site Scripting (XSS)
Overview: @apostrophecms/seo provides SEO tools for ApostropheCMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in renderNodes, via SEO Title and Meta Description values, where user-controlled input is rendered without proper output encoding into HTML contexts such as...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations (CVE-2025-14688)
Summary IBM® Db2® is vulnerable to a denial of service when fetching from certain tables when the following configurations are set: DB2WORKLOAD=ANALYTICS or intraparallel is set to YES, as well as DB2EXTENDEDOPTIMIZATION=NLJNOFLOW ON. Vulnerability Details CVEID:CVE-2025-14688 DESCRIPTION: IBM Db...
LLM-Guided Prompt Evolution for Password Guessing
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...