The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests

The right-wing think tank is actively pushing “civil terrorism”—increasing penalties for minor crimes committed while people engage in constitutionally protected free speech...

CVE-2026-10583

A vulnerability in nextlevelbuilder GoClaw up to 3.11.3 affects the Import function in internal/http/tts_config.go (TTS Configuration Endpoint). The issue enables server-side request forgery (SSRF) and can be triggered remotely. Exploit details have been publicly disclosed, and the project charac...

CVE-2026-10583 nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

Linux Distros Unpatched Vulnerability : CVE-2026-8963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8963 Note that Nessus relies on the presen...

AI Security Research Should Better Incentivize Defense Research

This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary BM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occuring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git [CVE-2026-33762]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git, due to a flaw in the index decoder for format version 4 that fails to validate the path name prefix length before applying it to the previously decoded path name CVE-2026-33762. Go-git is used as pa...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2026-34165]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a flaw which can allow a maliciously crafted .idx file to cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux [CVE-2026-22737]

Summary IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux, where template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views CVE-2026-22737...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain [CVE-2026-26013]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain, due to a faulty method that fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. CVE-2026-26013. LangChain is used in our speech runtime...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module [CVE-2026-27139]

Summary IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module, due to ability of a FileInfo action to reference a file outside of the Root in which the File was opened. CVE-2026-27139. Golang os module is used in our speech utilities. This vulnerabilitiy has bee...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]

Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON [CVE-2026-32874, CVE-2026-32875]

Summary IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON due to multiple issues CVE-2026-32874, CVE-2026-32875. UltraJSON is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures CVE-2026-30922. Pyasn1 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the detail...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]

Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...