154 matches found
EUVD-2026-11599
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...
SUSE CVE-2026-50127
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...
EUVD-2026-36113
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...
On-Chip Quantum Randomness Amplification
Randomness amplification, the task of extracting uniform private bits from biased seeds that may be partly known by a malicious third party, is of central importance in cryptography. The highest security in this task is provided by a class of quantum protocols known as device-independent, which...
PT-2026-48524
Name of the Vulnerable Software and Affected Versions Weblate versions 5.15 through 2026.5 Description Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...
Weblate 代码问题漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...
SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget
Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...
MonitoringBench: Semi-Automated Red-Teaming for Agent Monitoring
We introduce a red-teaming methodology that exposes harder-to-catch attacks for coding-agent monitors, suggesting that current practices may under-elicit attacks and overstate monitor performance. We identify three challenges with current red-teaming. First, mode collapse in attack generation,...
CVE-2026-41197
Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...
CVE-2026-41197
Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays
Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays
Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...
CVE-2026-41197
CVE-2026-41197 concerns Brillig/Noir: a bug in allocate_foreign_call_result_array when handling nested arrays (e.g., [(u32,u32);3]) during foreign calls. The code discards inner element types and uses the semantic length of the nested array, yielding under-allocation of semi-flattened size for co...
PT-2026-34235
Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile block. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...
A Practical Semi-Quantum Signature Protocol with Improved Eavesdropping Detection
Semi-quantum signature SQS schemes aim to enable quantum signature functionality in scenarios where only a subset of participants possess full quantum capabilities, thereby improving practical deployability while preserving quantum security advantages. Within this framework, we present a practica...
Label-Efficient Training Updates for Malware Detection over Time
Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...
PYSEC-2026-118
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...
CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...
CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...
CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...