
117 matches found

EUVD
added 6 days ago, 8 views

EUVD-2026-33698

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2SETUPREQUESTs with t...

CVSS 7.5, AI score 5.8, EPSS 0.00081
Exploits: 0, References: 3

Github Security Blog
added 2026/05/18 9:31 a.m., 6 views

Mattermost doesn't enforce slash command trigger-word uniqueness during command updates

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

CVSS 4.3, AI score 5.8, EPSS 0.00031
Exploits: 0, References: 4, Affected Software: 2

ATTACKERKB
added 2026/05/18 8:35 a.m., 5 views

CVE-2026-28732

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

CVSS 4.3, AI score 5.8, EPSS 0.00031
Exploits: 0, References: 2, Affected Software: 1

Packet Storm News
added 2026/05/05 12:00 a.m., 4 views

The Adversarial Discount - AI, Signal Correlation, and the Cybersecurity Arms Race

We study a contest-theoretic model of adversarial investment in which an attacker and a defender allocate resources to AI-augmented capabilities across multiple attack surfaces. The attacker's investment operates through two channels: it amplifies offensive potency unconditionally and erodes...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/04/24 7:38 p.m., 2 views

CVE-2026-6966

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

CVSS 7, AI score 5.3, EPSS 0.0002
Exploits: 0, References: 7

Oracle Linux
added 2026/04/16 12:00 a.m., 6 views

389-ds-base security update

1.3.11.1-5.0.7 - Security fix for CVE-2025-14905 Orabug: 39146844 1.3.11.1-5.0.5 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules Orabug: 38388205...

CVSS 7.2, AI score 5.8, EPSS 0.00315
Exploits: 0

RedhatCVE
added 2026/04/04 10:54 p.m., 1 view

CVE-2026-22665

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

CVSS 8.6, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 1

Snyk
added 2026/04/03 10:21 p.m., 4 views

Improper Handling of Case Sensitivity

Overview: prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to inconsistent case-sensitive and case-insensitive handling of usernames across write an...

CVSS 8.6, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 2

EUVD
added 2026/04/03 9:31 p.m., 0 views

EUVD-2026-18829

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

CVSS 8.6, AI score 5.9, EPSS 0.00037
Exploits: 1, References: 4

Vulnrichment
added 2026/04/03 8:28 p.m., 1 view

CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

CVSS 8.6, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 3

Cvelist
added 2026/04/03 8:28 p.m., 19 views

CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

CVSS 8.6, EPSS 0.00037
Exploits: 1, References: 3

CVE
added 2026/04/03 8:28 p.m., 4 views

CVE-2026-22665

CVE-2026-22665 affects prompts.chat prior to commit 1464475. The root cause is inconsistent handling of usernames across write and read paths, mixing case-sensitive and case-insensitive comparisons. This identity confusion allows creation of case-variant usernames that bypass uniqueness checks, e...

CVSS 8.6, AI score 5.9, EPSS 0.00037
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/04/03 12:00 a.m., 1 view

PT-2026-30229

Name of the Vulnerable Software and Affected Versions: prompts.chat versions prior to commit 1464475. Description: prompts.chat is susceptible to an identity confusion issue stemming from inconsistent case sensitivity in username handling during write and read operations. This allows attackers to...

CVSS 8.6, AI score 5.9, EPSS 0.00037
Exploits: 1, References: 6

UbuntuCve
added 2026/03/27 9:17 p.m., 0 views

CVE-2026-33895

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant...

CVSS 7.5, AI score 5.7, EPSS 0.00042
Exploits: 0, References: 4

Positive Technologies
added 2026/03/04 12:00 a.m., 4 views

PT-2026-23115

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0. Description: A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequatel...

AI score 5.8, EPSS 0.00043
Exploits: 0, References: 3

Oracle Linux
added 2026/02/24 12:00 a.m., 6 views

389-ds-base security update

2.7.0-10 - Resolves: RHEL-123243 - Attribute uniqueness is not enforced upon modrdn operation rhel-9.7.z - Resolves: RHEL-123765 - 389-ds-base OpenScanHub Leaks Detected rhel-9.7.z - Resolves: RHEL-137083 - CVE-2025-14905 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via...

CVSS 7.2, AI score 6.2, EPSS 0.00315
Exploits: 0

RedhatCVE
added 2025/12/17 8:07 a.m., 3 views

CVE-2025-9612

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVSS 5.1, AI score 6.5, EPSS 0.00011
Exploits: 0, References: 1

Veracode
added 2025/12/13 6:18 a.m., 4 views

Privilege Escalation

getgrav/grav is vulnerable to privilege escalation. The vulnerability is due to missing username uniqueness validation during user creation, which allows an attacker to create an account with an existing administrator username and gain full administrative access...

CVSS 8.8, AI score 5.9, EPSS 0.00062
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2025/12/09 9:31 p.m., 1 view

EUVD-2025-202315

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

AI score 6, EPSS 0.00011
Exploits: 0, References: 3

NVD
added 2025/12/09 7:15 p.m., 1 view

CVE-2025-9612

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVSS 5.1, EPSS 0.00011
Exploits: 0, References: 3