CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets

Bitcoin's Lightning Network LN can be exploited as a covert, low-cost command-and-control C&C channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain proof-of-concept prototypes evaluated only through simulation, leaving key questions about real-world topology...

EUVD-2026-35842

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

MARCIM-WG: A Cyber Wargame Proposal Based on Math Modeling Applied in a Naval Scenario

As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness CSA therefore requires training mechanisms that expose decision-makers to...

Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps

The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

CVE-2026-25860

OpenClinic GA 5.351.19 is affected by a reflected XSS in the DICOM image upload handler. An attacker can embed JavaScript in DICOM metadata (e.g., Study Description) which is reflected in popup.jsp and archiving/uploadfiles_jsp.java during the Upload DICOM images workflow, enabling arbitrary scri...

PT-2026-48279

Name of the Vulnerable Software and Affected Versions OpenClinic GA version 5.351.19 Description A reflected cross-site scripting issue exists in the DICOM image upload handler. Attackers can execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata...

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update perl or yum updat...

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1819 --releasever 2023.12.20260608 to update your system. More information on how to update your syste...

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...

perl: Fix of CVE-2026-8376

CVE-2026-8376: fix heap buffer overflow in Sstudychunk when compiling regular expressions with a repeated fixed string on 32-bit builds mincount l overflow...

Securing the Sandbox: A Rootless Containerized Framework for Process-Oriented Monitoring in Computer Graphics Education

Computer Science education fundamentally depends on intensive laboratory hours to foster true programming mastery and logical reasoning. However, the widespread adoption of Generative Artificial Intelligence AI has made it virtually impossible to distinguish authentic student effort from instant ...

Revisiting Vul-RAG: Reproducibility and Replicability of RAG-Based Vulnerability Detection with Open-Weight Models

Large language models LLMs have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation RAG settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising...

Prioritization of Risks from Artificial Intelligence: A Delphi Study of 272 International Experts

Artificial intelligence poses many risks, ranging from familiar present-day harms to unprecedented and potentially catastrophic ones. Effective risk management requires prioritization: we must understand which risks are most severe, who is most vulnerable, and who is most responsible for addressi...

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

Fragnesia CVE-2026-46300 - Defensive Study Toolkit A self-c...

Exploit for Integer Overflow to Buffer Overflow in Perl

CVE-2026-8376-Perl-Heap-Buffer-Overflow-PoC-Exploit Perl vers...