28 matches found
CVE-2026-55203
HAProxy
OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing
Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...
thunderbird: Out of bounds read in IMAP parsing
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...
CVE-2026-26741
PX4 Autopilot versions 1.12.x–1.15.x contain a logic flaw in the mode-switching mechanism. When switching from Auto to Manual while the drone is ARMED (post-landing and before automatic disarm via COM_DISARM_LAND), there is no throttle-threshold safety check on the physical throttle stick. This c...
EUVD-2020-8203
Malware in sbrugna...
EUVD-2018-13789
Malware in sbrugna...
EUVD-2020-8182
Malware in sbrugna...
EUVD-2025-21092
Malicious code in bioql PyPI...
EUVD-2024-40397
Malicious code in bioql PyPI...
EUVD-2024-40403
Malicious code in bioql PyPI...
EUVD-2022-2307
Malicious code in bioql PyPI...
EUVD-2024-40395
Malicious code in bioql PyPI...
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
Hacking Trains
Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...
PT-2025-29125
Name of the Vulnerable Software and Affected Versions End-of-Train EoT and Head-of-Train HoT devices affected versions not specified Description A critical vulnerability exists in the remote linking protocol used for End-of-Train EoT and Head-of-Train HoT devices, which rely on a BCH checksum for...
CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...
PT-2025-27249 · Crates.Io · Wasmtime-Jit-Debug
The unsound function dump code load record uses from raw parts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function dump code load record is actually 'unsafe' since it requires the caller to guarantee tha...
AutoRAN: Weak-To-Strong Jailbreaking of Large Reasoning Models
This paper presents AutoRAN, the first automated, weak-to-strong jailbreak attack framework targeting large reasoning models LRMs. At its core, AutoRAN leverages a weak, less-aligned reasoning model to simulate the target model's high-level reasoning structures, generates narrative prompts, and...
CVE-2025-24007
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection again...
CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware
CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP...