35 matches found
Use of Cache Containing Sensitive Information
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware and cachepage process when responses that vary on...
CVE-2026-48588
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...
OSV-2026-872 Use-of-uninitialized-value in vpx_variance16x16_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520181861 Crash type: Use-of-uninitialized-value Crash state: vpxvariance16x16avx2 vp8pickintramode vp8cxencodeintramacroblock...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
GHSA-P77W-8QQV-26RM Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" wher...
AEGIS: Adversarial Entropy-Guided Immune System -- Thermodynamic State Space Models for Zero-Day Network Evasion Detection
As TLS 1.3 encryption limits traditional Deep Packet Inspection DPI, the security community has pivoted to Euclidean Transformer-based classifiers e.g., ET-BERT for encrypted traffic analysis. However, these models remain vulnerable to byte-level adversarial morphing -- recent pre-padding attacks...
Large Empirical Case Study: Go-Explore Adapted for AI Red Team Testing
Production LLM agents with tool-using capabilities require security testing despite their safety training. We adapt Go-Explore to evaluate GPT-4o-mini across 28 experimental runs spanning six research questions. We find that random-seed variance dominates algorithmic parameters, yielding an 8x...
Threat landscape for industrial automation systems in Q3 2025
Statistics across all threats In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Percentage of ICS computers on which malicious objects were blocked, Q3 2022–...
Malicious code in @posthog/variance-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1c9085321697fd859b0942dbf2e1f3d6ba0f4a32711bf0764e8c511c2b06df3 The package @posthog/variance-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198927
Malicious code in @posthog/variance-plugin npm...
MAL-2025-190898 Malicious code in @posthog/variance-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1c9085321697fd859b0942dbf2e1f3d6ba0f4a32711bf0764e8c511c2b06df3 The package @posthog/variance-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2024-29122
Malicious code in bioql PyPI...
Private Continual Counting of Unbounded Streams
We study the problem of differentially private continual counting in the unbounded setting where the input size $n$ is not known in advance. Current state-of-the-art algorithms based on optimal instantiations of the matrix mechanism cannot be directly applied here because their privacy guarantees...
Dropout-Robust Mechanisms for Differentially Private and Fully Decentralized Mean Estimation
Achieving differentially private computations in decentralized settings poses significant challenges, particularly regarding accuracy, communication cost, and robustness against information leakage. While cryptographic solutions offer promise, they often suffer from high communication overhead or...
CSVAR: Enhancing Visual Privacy in Federated Learning Via Adaptive Shuffling against Overfitting
Although federated learning preserves training data within local privacy domains, the aggregated model parameters may still reveal private characteristics. This vulnerability stems from clients' limited training data, which predisposes models to overfitting. Such overfitting enables models to...
PrivATE: Differentially Private Confidence Intervals for Average Treatment Effects
The average treatment effect ATE is widely used to evaluate the effectiveness of drugs and other medical interventions. In safety-critical applications like medicine, reliable inferences about the ATE typically require valid uncertainty quantification, such as through confidence intervals CIs...