1381 matches found
ROS-20260505-73-0001
Vulnerability in zabbix7.4 related to the use of externally controlled input data for class selection. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
LiteShield: Hybrid Feature Selection-Driven Lightweight Intrusion Detection for Resource-Constrained IoT Networks
The rapid expansion of Internet of Things (IoT) deployments has enlarged the attack surface of modern digital infrastructure while exposing a key security mismatch: many intrusion detection systems (IDSs) remain too computationally expensive for constrained IoT environments. This paper presents...
CVE-2026-7670
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. Manipulation of the argument DeptIDList causes SQL injection. The attack can be carried out remotely. The exploit has been published and may b...
PT-2026-36640
Name of the Vulnerable Software and Affected Versions: Jinher OA version 1.0. Description: A remote SQL injection flaw exists in the file '/C6/JHSoft.Web.PlanSummarize/UserSel.aspx'. The issue is triggered by the manipulation of the DeptIDList argument within an unknown function of that file. SQL...
Self-Adaptive Multi-Agent LLM-Based Security Pattern Selection for IoT Systems
The adoption of Internet of Things (IoT) systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence mechanisms are no longer limited to detection alone b...
PT-2026-35877
Name of the Vulnerable Software and Affected Versions: CoreDNS (affected versions not specified). Description: The transfer plugin in CoreDNS contains an issue where the wrong Access Control List (ACL) stanza may be selected when both a parent zone and a more-specific subzone are configured. Although...
JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
SeqShield: A Behavioral Analysis Approach to Uncover Rootkits
Rootkits are among the most elusive types of malware, capable of bypassing traditional static analysis methods due to their metamorphic behavior. Signature-based detection techniques struggle against these threats, necessitating a shift toward dynamic analysis approaches. We propose SeqShield, a...
Semantic Denial of Service in LLM-Controlled Robots
Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases (1-5 tokens) into a robot's audio channel, an adversary can trigger the model's safety reasoning to halt or disrupt...
SUSE-SU-2026:21440-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509_inet_pton_ipv6 function (bsc#1261476). - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello (bsc#1261477). - CVE-2026-25835: mbedtls: no...
CVE-2026-41353
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...
CVE-2026-41353 OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...
CVE-2026-41353
OpenClaw is vulnerable in versions before 2026.3.22 due to an access control bypass in the allowProfiles feature. The root cause is persistent profile mutation and runtime profile selection, enabling remote attackers to manipulate browser proxy profiles at runtime to access restricted profiles a...
PT-2026-34784
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...
CVE-2018-25262
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences...
CVE-2018-25262
Angry IP Scanner for Linux 3.5.3 contains a denial-of-service vulnerability that crashes the application when a malformed input is supplied in the port selection field. The issue can be triggered by pasting a string containing buffer overflow patterns into the Preferences Ports tab. The CVE notes...
CVE-2018-25262 Angry IP Scanner for Linux 3.5.3 Denial of Service
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010727)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010727 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...