16996 matches found
AttriGuard: Defeating Indirect Prompt Injection in LLM Agents Via Causal Attribution of Tool Invocations
LLM agents are highly vulnerable to Indirect Prompt Injection IPI, where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination problem, which often fails to generalize to unseen payloads. We...
Microsoft DirectX End-User Runtime Web Installer 安全漏洞
Microsoft DirectX End-User Runtime Web Installer is a component installation tool provided by the American company Microsoft. The version 9.29.1974.0 of Microsoft DirectX End-User Runtime Web Installer contains a security vulnerability. This vulnerability arises from the possibility for...
CVE-2025-68623
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
CVE-2025-68623
CVE-2025-68623 affects Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0. Cisco Talos TALOS-2025-2293 documents a local privilege escalation: during installation, the dxwebsetup.exe installer creates a writable TEMP path, writes dxwsetup.exe, then executes it with high integrity. An at...
AlmaLinux 8 : kernel-rt (ALSA-2026:3964)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3964 advisory. kernel: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr CVE-2025-71085 kernel: macvlan: fix possible UAF in macvlanforwardsource CVE-2026-2300...
Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2293 Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability March 11, 2026 CVE Number CVE-2025-68623 SUMMARY A local privilege escalation vulnerability exists during the installation of Microsoft DirectX End-User Runtime. A...
GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit ...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 10.0.4 or higher. References - Vulnerability Advisor...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 10.0.4 or higher. References - Vulnerability...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 10.0.4 or higher. References - Vulnerability Advisor...