230 matches found
CVE-2026-58203
A flaw was found in the pydantic-settings component. When configured to handle nested secrets, this vulnerability allows an attacker to read sensitive files from outside the designated secrets directory. By placing a specially crafted symbolic link within the secrets directory, an attacker can...
Security update for transmission (moderate)
openSUSE Security Update: Security update for transmission Announcement ID: openSUSE-SU-2026:0237-1 Rating: moderate References: 1267404 Cross-References: CVE-2026-38978 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...
CVE-2026-10706
In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...
EUVD-2026-42277
In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...
PT-2026-56454
Name of the Vulnerable Software and Affected Versions Adalo versions 1 through 2 Description Attackers can extract complete user records and correlate user behavior across multiple applications through the enumeration of the dbId variable. This occurs because the platform lacks data minimization,...
OPENSUSE-SU-2026:21189-1 Security update for transmission
This update for transmission fixes the following issues: Changes in transmission: - CVE-2026-38978: add clickjack safeguards when serving http responses bsc1267404...
CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...
Malicious code in @bytemend/mfebus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the...
MCP Security 代码问题漏洞
MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...
Top Cybersecurity Frameworks Compared
Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...
CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
Re-Triggering Safeguards within LLMs for Jailbreak Detection
This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...
Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data
We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...
CVE-2026-41414
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...
CVE-2026-35376
A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...
CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...
PT-2026-34499
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI on Tuesday unveiled GPT-5.4-Cyber , a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible...