254 matches found

Ubuntu
added 2026/06/10 12:22 p.m., 5 views

USN-6455-2: Exim regression

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered tha...

6 AI score
Exploits 0, References 1
OSV
added 2026/05/22 9:37 a.m., 2 views

SUSE-SU-2026:21897-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues Security issue: - CVE-2025-35979: data leaks fixed in 20260512 release bsc1265189. Non security issues: - TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. bsc1249138. - Intel CPU Microcode was updated to the 20260512 release...

6.8 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits 0, References 6
Securelist
added 2026/05/20 9:2 a.m., 11 views

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

8.8 CVSS, 7.2 AI score, 0.03168 EPSS
Exploits 2
Packet Storm News
added 2026/05/20 12:0 a.m., 6 views

VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers

Model Context Protocol (MCP) has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can...

6.4 AI score
Exploits 0
OPENSUSE Linux
added 2026/05/16 12:0 a.m., 7 views

Security update for gosec (moderate)

openSUSE Security Update: Security update for gosec Announcement ID: openSUSE-SU-2026:0167-1 Rating: moderate References: Cross-References: CVE-2025-22891 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update for gosec...

8.7 CVSS, 6.9 AI score, 0.0038 EPSS
Exploits 0
GithubExploit
added 2026/05/11 4:17 a.m., 69 views

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

5.9 AI score
Exploits 0
Packet Storm News
added 2026/05/07 12:0 a.m., 3 views

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

5.9 AI score
Exploits 0
GithubExploit
added 2026/04/27 9:53 a.m., 111 views

DrvEye

drivertool A static-analysis & exploitation-triage toolkit...

5.7 AI score
Exploits 0
Packet Storm News
added 2026/04/25 12:0 a.m., 1 views

Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents

Autonomous Large Language Model (LLM) agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...

5.7 AI score
Exploits 0
GithubExploit
added 2026/04/23 6:51 a.m., 77 views

vlnr

vlnr: Autonomous Vulnerability Discovery Pipeline !Python 3...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/04/22 12:0 a.m., 7 views

Taint-Style Vulnerability Detection and Confirmation for Node.Js Packages Using LLM Agent Reasoning

The rapidly evolving Node.js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node.js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic...

6.1 AI score
Exploits 0
OSV
added 2026/04/14 4:34 p.m., 1 views

OPENSUSE-SU-2026:20579-1 Security update for gosec

This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: choredeps: bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...

8.7 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits 0, References 1
Packet Storm News
added 2026/04/08 12:0 a.m., 3 views

Aether Smart Contract Security Analysis Framework 5.0.2

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept (PoC) tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.9 AI score
Exploits 0
Packet Storm News
added 2026/04/08 12:0 a.m., 1 views

Aether Smart Contract Security Analysis Framework 6.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept (PoC) tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.9 AI score
Exploits 0
GithubExploit
added 2026/04/02 2:49 p.m., 146 views

Exploit for Path Traversal in Publiccms

amihit Am I Hit? -- CVE Impact Analyzer !Gohttps://i...

7.2 CVSS, 5.9 AI score, 0.00635 EPSS
Exploits 3
GithubExploit
added 2026/03/12 10:56 p.m., 109 views

SentinelX

SentinelX SentinelX — static security analyzer...

5.8 AI score
Exploits 0
OSV
added 2026/02/18 2:53 p.m., 3 views

CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, 61110.449331 qla2xxx 0000:27:00.0-0042:0: Disabled MSI-X. 61110.467494...

5.5 CVSS, 5.2 AI score, 0.00118 EPSS
Exploits 0, References 11
Packet Storm News
added 2026/02/18 12:0 a.m., 2 views

Aether Smart Contract Security Analysis Framework 4.7.1

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept (PoC) tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.5 AI score
Exploits 0
Github Security Blog
added 2026/02/10 12:24 a.m., 11 views

@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototype) is placed into an array and retrieved, the isGlobal...

10 CVSS, 5.8 AI score, 0.00552 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2026/02/10 12:24 a.m., 3 views

GHSA-WW7G-4GWX-M7WJ @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototype) is placed into an array and retrieved, the isGlobal...

9 CVSS, 5.8 AI score, 0.00552 EPSS
Exploits 1, References 4