EUVD-2026-33883

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

web-enumerator

🔍 Web Enumeration & Attack Testing Tool A professional‑grade...

SUSE CVE-2026-46057

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

CVE-2026-46057

A flaw was found in the Linux kernel's Landlock security module regarding the inheritance of LOGSUBDOMAINSOFF across process forks. When a process mutes subdomain logs using landlockrestrictself without creating a domain, this setting is not properly transferred to forked child processes...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

UBUNTU-CVE-2026-46057

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

CVE-2026-46057

CVE-2026-46057 : In the Linux kernel Landlock feature, the root cause is in hook_cred_transfer() which only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock_restrict_self(), which can set LOG_SUBDOMAINS_OFF on a credential without a dom...

EUVD-2026-32439

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

CVE-2026-46057 landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

PT-2026-43924

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG SUBDOMAINS OFF inheritance across fork hook cred transfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock restrict self which can set LOG...

MAL-2026-4433 Malicious code in @self-evolving-harness/kivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...

GHSA-JWP7-WG77-3W9V Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

PT-2026-42037

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

X-Omega-Hack

X-Omega-Hack X-Omega-Hack v9.0 - Tool hacking all in one buat...

AutoPentest-Framework

AutoPentest Framework A modular Automated Penetration Testing...

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

EUVD-2026-29133

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

CVE-2026-44659 Zen Browser Mac - Address Bar Spoofing via Long Subdomain

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016811 advisory. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes...