38444 matches found
CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection
AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate CSTS, an entity-relational abstraction that enforces identity persistence, typed relationships, and...
GDAL 安全漏洞
GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of gdal prior to 3.11.0 contain security vulnerabilities. These vulnerabilities stem from improper restrictions on memory buffer operations, which may lead to issues with the program file inftree9.C...
PT-2026-27310
Name of the Vulnerable Software and Affected Versions furnace versions prior to 0.7 Description An out-of-bounds read issue exists in the furnace software within the extern/libsndfile-modified/src modules when processing flac.C program files. Recommendations Update to a version of furnace at or...
PT-2026-27471
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP PROXY and HTTPS PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...
fast-xml-parser 安全漏洞
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser from 4.0.0-beta.3 to 5.5.7 contained security vulnerabilities. The...
PT-2026-27470
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...
CVE-2026-33283
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected...
CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...
JLSEC-2026-1 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of se...
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...
GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...
WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions = 1.0...
Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...
WordPress Schema Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Schema Shortcode versions = 1.0...
CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
CVE-2026-26209
The CVE-2026-26209 issue affects the Python library cbor2 (including the C extension _cbor2) prior to version 5.9.0. The root cause is uncontrolled recursion when decoding deeply nested CBOR structures, as the C extension relies on Python’s Py_EnterRecursiveCall rather than a data-driven depth li...
CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...
Allocation of Resources Without Limits or Throttling
Overview cbor2 is a CBOR deserializer with extensive tag support Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding of CBOR payloads. An attacker can cause the application to crash by submitting deeply nested input that trigger...
CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...
WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions = 5.0.11...