1051 matches found
CVE-2025-52645
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
Malicious code in facebookresearch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2532cd269873dbda78f99b9e22ab736c64c48ba32fa5c27deaf173fdbf33397 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CLSA-2026-1774373385 Update of lkrg-kmod
Split RPM specs according to Fedora kmod packaging guidelines, one spec for kmod, one for userspace - Import modsign macros if requested by the module build - Make lkrg into a meta package which pulls lkrg-kmod and the systemd unit definition - Add lkrgtest module for testing and demonstrating...
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...
EUVD-2025-208739
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
CVE-2025-52645
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...
CVE-2025-52645
CVE-2025-52645 — HCL AION : The vulnerability concerns model packaging and distribution that may lack sufficient authenticity verification, allowing unverified or modified model artifacts and potential integrity concerns or unintended behavior. Affected product: HCL AION (AI lifecycle management ...
.NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 10.0. This advisory also provides guidance on what developers can do to update their...
Advanced Python Payload Encryption Framework with Hybrid Cryptography Steganography and Anti‑Debugging
This Python program implements an advanced payload protection framework that combines multiple security and obfuscation techniques to encrypt, package, and distribute Python code. The framework supports hybrid encryption, multi‑key protection, anti‑debugging checks, and optional steganographic...
PT-2026-23848
Name of the Vulnerable Software and Affected Versions dpkg-deb affected versions not specified Description The dpkg-deb component of the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. This can lead to a...
OpenClaw has an unspecified vulnerability (CNVD-2026-13379)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from local helper scripts following symbolic links when packaging skills, which can be exploited by an attacker to cause unintentional disclosure of local files...
OESA-2026-1443 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...
CVE-2026-1442 Unitree UPK files Hard-Coded Key
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
Security Bulletin: IBM Installation Manager is affected by a vulnerability in the IBM SDK Java Technology Edition.
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition Versions 8 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the...
CVE-2026-27485
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...
CVE-2026-27485
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...
CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...
CVE-2026-27485
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...
CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...