
452 matches found

RedhatCVE, added 3 days ago, 9 views

CVE-2026-40861

A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. /etc/passwd or airflow.cfg) or (b) supply a task_id containing .. sequences accepted by the Task SDK's KEYREGEX (write-path attack), and...

6.5 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits 0, References 1
NVD, added 2026/05/28 6:16 p.m., 8 views

CVE-2026-45296

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several appapikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

7.7 CVSS, 0.00032 EPSS
Exploits 0, References 1
GithubExploit, added 2026/05/28 7:18 a.m., 44 views

LazyAdmin-Writeup

LazyAdmin-Writeup Beginner-friendly TryHackMe LazyAdmin writeu...

5.9 AI score
Exploits 0
CNNVD, added 2026/05/27 12:00 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an iterator error during driver separation in the crypto/inside-secure/eip93 module. This error...

5.8 AI score, 0.00022 EPSS
Exploits 0, References 3
NVD, added 2026/05/26 11:16 p.m., 8 views

CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

5.3 CVSS, 0.00016 EPSS
Exploits 0, References 3
Packet Storm News, added 2026/05/22 12:00 a.m., 6 views

Formal Verification of Probing Security Via Conditional Independence

Side-channel attacks are a major threat to the security of cryptosystems. Masking is a widely used countermeasure against such attacks, but proving the security of masked algorithms is error-prone without formal verification. In this work, we propose a novel approach to formal verification of...

5.8 AI score
Exploits 0
EUVD, added 2026/05/12 12:32 p.m., 5 views

EUVD-2026-29448

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5 CVSS, 5.5 AI score, 0.00045 EPSS
Exploits 0, References 3
Positive Technologies, added 2026/05/06 12:00 a.m., 6 views

PT-2026-37596

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update. vfe_isr iterates using MSM_VFE_IMAGE_MASTERS_NUM (7) as the loop bound and passes the index to vfe_isr_reg_update. However, the vfe->line array is defined with VFE...

5.8 AI score, 0.00013 EPSS
Exploits 0, References 7
NVD, added 2026/05/05 9:16 p.m., 2 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 0.0003 EPSS
Exploits 1, References 3
Vulnrichment, added 2026/05/05 8:35 p.m., 3 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits 1, References 3
CNNVD, added 2026/05/01 12:00 a.m., 3 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the eth_get_drvinfo function in u_ether accessing a null pointer during device separation, potentially...

5.5 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 1
Packet Storm News, added 2026/04/27 12:00 a.m., 3 views

AgentVisor: Defending LLM Agents against Prompt Injection Via Semantic Virtualization

Large Language Model (LLM) agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt injection. Existing defenses face significant challenges in balanci...

5.7 AI score
Exploits 0
RedhatCVE, added 2026/04/21 12:50 p.m., 1 view

CVE-2026-40264

A flaw was found in OpenBao. OpenBao's multi-tenant separation feature allows a privileged administrator in one tenant to revoke or renew a token belonging to another tenant if that token's accessors are leaked. This unauthorized token management could lead to a denial of service for the affected...

2.7 CVSS, 5.7 AI score, 0.0005 EPSS
Exploits 0, References 2
Fedora, added 2026/04/16 11:42 p.m., 3 views

[SECURITY] Fedora 44 Update: kf6-ktexttemplate-6.25.0-1.fc44

The goal of KTextTemplate is to make it easier for application developers to separate the structure of documents from the data they contain, opening the door for theming and advanced generation of other text such as code...

5.8 AI score
Exploits 0
Packet Storm News, added 2026/04/16 12:00 a.m., 1 view

Half-Moon Cookie: Private, Similarity-Based Blocklisting with TOCTOU-Attack Resilience

Blocklisting is a common technique for preventing the use of known malicious content. However, conventional blocklisting infrastructures require either the blocklist to be public or clients to reveal their queries to the blocklist server. In this work, we introduce a private blocklisting framewor...

5.8 AI score
Exploits 0
Github Security Blog, added 2026/03/26 9:45 p.m., 2 views

OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 6, Affected Software 1
NVD, added 2026/03/20 12:16 a.m., 1 view

CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...

6.5 CVSS, 0.00014 EPSS
Exploits 1, References 3
Packet Storm News, added 2026/03/12 12:00 a.m., 0 views

RadEar: A Self-Supervised RF Backscatter System for Voice Eavesdropping and Separation

Eavesdropping on voice conversations presents a growing threat to personal privacy and information security. In this paper, we present RadEar, a novel RF backscatter-based system designed to enable covert voice eavesdropping through walls. RadEar consists of two key components: (i) a batteryless RF...

5.8 AI score
Exploits 0
NVD, added 2026/03/11 11:16 a.m., 1 view

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5 CVSS, 0.00025 EPSS
Exploits 1, References 5
Imperva Blog, added 2026/03/10 3:48 p.m., 3 views

When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced

Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question. Do we really want our CDN, security, and routing control to live in the same place? This issue of control has become more urgent after a series of...

5.9 AI score
Exploits 0