809 matches found
CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
Towards Cybersecurity SuperIntelligence (CSI): What's the Best Harness for Cybersecurity?
What is the best harness for cybersecurity AI? Cybersecurity systems are converging on a single execution scaffold per agent, an iterative shell loop driven by a Large Language Model (LLM). However, scaffolds are not interchangeable, rarely interoperable, and no single scaffold dominates across all...
cve-researcher
cve-researcher AI-powered CVE research in your terminal —...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt – Fixed the hungtask issue for PADATARESET We identified a hungtask bug in testaeadveccfg as follows: INFO: Task cryptomgrtest:391009 was blocked for more than 120 seconds. The message can be disabled by running ec...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and clients. Clients based on FreeRDP on Unix systems that use the /parallel command-line switch may read uninitialized data and send it to the server to which the client is currently connected. Server implementations based on FreeRDP are not...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: padata: Always disable BHs when running -parallel. A deadlock can occur when an overloaded system runs -parallel within the context of the current task. The code snippet shows that spinlock&reorder-lock remains enabled despite BH...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s “attach” handler c6xdigioattach to...
Exploit for CVE-2026-0265
CVE-2026-0265 Risk Checker for Palo Alto PAN-OS A Python script...
WARD: Adversarially Robust Defense of Web Agents against Prompt Injections
Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...
SUSE CVE-2026-7815
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016805)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016805 advisory. Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected...
CVE-2026-43353
A flaw was found in the Linux kernel's i3c: mipi-i3c-hci module. A race condition in the hcidmadequeuexfer function allows parallel calls to interfere with each other when multiple transfers time out concurrently. This interference can cause the DMA ring to stop or restart unexpectedly, potential...
Maestro 0.15.4
Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: sqlexporter, rke2-runtime-fips, flyte, goose, openbao-fips, hydra, hydra-fips, juicefs, kine, azure-service-operator, authentik, spire-server-fips, pgwatch, sftpgo-plugin-eventsearch, spqr, timescaledb-parallel-copy, gitlab-cng-fips, rke2-runtime, seaweedfs,...
CLSA-2026-1777663444 freerdp: Fix of 3 CVEs
CVE-2026-33985: fix information leak in ClearCodec glyph index decode; validate nWidthnHeight for overflow and update glyphEntry-count only after a successful realloc so subsequent reads cannot expose adjacent heap memory - CVE-2022-39283: fix missing length check in /video channel data handler;...
JLSEC-2026-403
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
Hydra Network Logon Cracker 9.7
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...
FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework
Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant inputs. We present FunFuzz, a multi-island evolutionary fuzzi...
Astra Linux - vulnerability in golang-1.19, golang-1.23
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...