CERT Recently Published Vulnerability Notes

kb.cert.org/vuls is a webpage maintained by the Carnegie Mellon University Software Engineering Institute (SEI) which provides a publicly accessible database of known software vulnerabilities. It lists a vast amount of vulnerability information including identifiers, descriptions, severity ratings, and potential impacts, helping users stay informed about potential security risks.

Thread Of Notes

VU#862559: crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints

A significant vulnerability has been discovered in the Haskell TLS software stack affecting applications built with the Haskell programming language. The specific library "crypton-x509-validation" fails to enforce the NameConstraints security feature. NameConstraints, defined in RFC 5280, are crucial for controlling which domains a certificate authority can issue certificates for. This oversight allows an attacker who compromises a sub-CA to issue certificates for domains beyond their intended scope. Consequently, these malicious certificates will be accepted by any vulnerable Haskell TLS connection. This enables an attacker to gain full visibility into encrypted sessions. The impact of this vulnerability can lead to the theft of sensitive financial information and credentials. Industries utilizing delegated Public Key Infrastructure structures are particularly at risk. Versions prior to 1.9.1 of crypton-x509-validation are affected. A fix is available in version 1.9.1 of the crypton-x509-validation library. Users are strongly advised to update to the patched version immediately to mitigate this security risk. The vulnerability is tracked as CVE-2026-9648.
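The check the note says was skipped, modelled as an added Python example (not the Haskell library's code): RFC 5280 dNSName subtree matching applied to a leaf certificate's SAN names for every constrained CA in the chain. The CA labels and host names used below are constructed.

```python
"""Model of the RFC 5280 (section 4.2.1.10) dNSName constraint check.

Added illustration, not crypton-x509-validation's code: the validation
step a path validator must run for every CA in the chain that carries a
NameConstraints extension.
"""


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is redundant.
    return name.strip().rstrip(".").lower()


def dns_name_in_subtree(name: str, constraint: str) -> bool:
    """True if `name` lies within the dNSName subtree `constraint`.

    RFC 5280: a constraint of "example.com" is satisfied by "example.com"
    itself and by any name formed by adding labels on the left
    ("www.example.com"), but not by "badexample.com".
    """
    name, constraint = _normalize(name), _normalize(constraint)
    return name == constraint or name.endswith("." + constraint)


def check_dns_name_constraints(leaf_dns_names, permitted, excluded):
    """Validate the leaf's dNSName SAN entries against one CA's constraints.

    `permitted` and `excluded` are the dNSName subtrees from that CA's
    NameConstraints extension. Returns a list of violations; an empty list
    means every name is acceptable to this CA.
    """
    violations = []
    for name in leaf_dns_names:
        # An excluded subtree overrides any permitted subtree.
        hit = next((c for c in excluded if dns_name_in_subtree(name, c)), None)
        if hit is not None:
            violations.append(f"{name}: inside excluded subtree {hit!r}")
            continue
        # If the CA lists permitted dNSName subtrees, the name must match one.
        if permitted and not any(dns_name_in_subtree(name, c) for c in permitted):
            violations.append(f"{name}: outside every permitted subtree")
    return violations


def validate_chain_dns_constraints(leaf_dns_names, ca_constraints):
    """Apply each CA's constraints in turn; the leaf must satisfy all of them.

    `ca_constraints` is a list of (ca_label, permitted, excluded) tuples,
    one per CA in the chain (CAs without the extension are simply absent).
    """
    violations = []
    for ca_label, permitted, excluded in ca_constraints:
        for v in check_dns_name_constraints(leaf_dns_names, permitted, excluded):
            violations.append(f"[{ca_label}] {v}")
    return violations


if __name__ == "__main__":
    # Constructed scenario: a sub-CA constrained to example.com issues a
    # certificate for a name outside that scope, as described in the note.
    sub_ca = ("Constructed Sub-CA", ["example.com"], ["internal.example.com"])
    for san in (["www.example.com"], ["login.bank.test"], ["db.internal.example.com"]):
        print(san, validate_chain_dns_constraints(san, [sub_ca]) or "accepted")
```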

VU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Microsoft is revoking trust for older versions of the open-source shim bootloader due to a Secure Boot bypass vulnerability. This vulnerability allows attackers to execute arbitrary code early in the boot process, circumventing security measures. The affected shim bootloaders, primarily versions 0.9 and earlier, will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the DBX is updated, these bootloaders will be disallowed from running. The shim project facilitates Secure Boot for Linux distributions by acting as a bridge between firmware and the operating system. However, vendors who forked older, vulnerable versions without updating created a persistent supply chain risk. Researchers identified specific vulnerable shim bootloaders from various vendors, including Red Hat, baramundi, and Oracle. Exploiting this flaw enables attackers with boot modification privileges to gain persistent control, potentially loading unsigned kernel components that survive reboots. These malicious components can evade operating system security and endpoint detection solutions. To mitigate this, users must apply the latest vendor software and bootloader updates. Additionally, applying Microsoft's DBX update is crucial to block vulnerable bootloaders. Enterprises and developers should test these updates thoroughly before widespread deployment. It is recommended to update the authorized signature database (DB) before applying DBX revocations. Tools are available to audit and verify DBX updates and identify revoked boot components.

VU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities

Version 3.0.7 of the Securly Chrome Extension has several critical security flaws. These vulnerabilities include insecure data transmission over HTTP for sensitive filtering rules. Weak cryptography is used, as evidenced by hardcoded plaintext AES passphrases and an outdated key derivation method. Improper access control allows unauthenticated access to protected resources and sensitive configuration data. An attacker could exploit these weaknesses to steal filtering information. They might also induce a Denial of Service by manipulating downloaded configuration files. Furthermore, attackers could modify content blocking rules for student users. One vulnerability involves a dynamically registered content script that bypasses security reviews. This script can hide all page content indefinitely if Securly's servers are unreachable. The extension also uses deprecated SHA-1 hashing for critical URL matching. While Securly could not be reached for a patch, administrators can mitigate risk by restricting extension use on untrusted networks and utilizing school-managed VPNs.

VU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments

Verizon's VoLTE service on its IMS network has been operating without essential SIP integrity protection. This means that sensitive signaling data, including call setup information, is transmitted unencrypted. On-path attackers can therefore intercept and modify this traffic without detection. The absence of IPsec ESP encapsulation and specific security headers leaves the signaling vulnerable. While recent iOS carrier bundle updates contain IMS IPsec settings, their active implementation remains unconfirmed. This lack of protection allows for significant security risks like call hijacking and denial-of-service attacks. Specifically, REGISTER exchanges were observed missing crucial security headers. According to industry standards, SIP signaling between devices and the network should be protected. Verizon had initially committed to addressing the issue but has since disengaged from coordination efforts. Without verifiable evidence of mitigation, the security exposure continues. Remediation requires both network-side enablement by Verizon and device-side configuration updates. Until confirmed, VoLTE signaling should be treated as untrusted.

VU#265691: Appsmith's SQL Query autocomplete renderer contains a cross-site scripting vulnerability

A stored cross-site scripting (XSS) vulnerability, CVE-2026-7299, exists in Appsmith's CodeMirror-based SQL query editor autocomplete. Attackers with developer access to a shared PostgreSQL datasource can inject JavaScript into database object names. This payload executes when any workspace member triggers SQL autocomplete. Successful exploitation allows arbitrary JavaScript execution in the victim's browser. This can lead to session hijacking, privilege escalation, or credential theft. Appsmith is an open-source, low-code platform for building internal tools. The vulnerability specifically affects the autocomplete function's handling of database object names. The failure to sanitize these names allows for persistent XSS injection. Version 2.1 of Appsmith addresses and fixes CVE-2026-7299. Users are strongly advised to update their Appsmith installations promptly.

VU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilities

The Collibra Platform Agent contains chained vulnerabilities allowing remote code execution. A remote, unauthenticated attacker can exploit these by uploading a crafted ZIP archive. This archive exploits a Zip Slip vulnerability during extraction, enabling path traversal. Specifically, the POST /rest/restore endpoint fails to validate extracted file paths. Attackers can use directory traversal sequences to write files to arbitrary locations on the server. One exploitation path involves placing a malicious JavaServer Pages file in a web-accessible directory. This leads to remote code execution when the file is accessed via HTTP. Privileged REST endpoints under /rest/* also lack proper authentication and authorization. These exposed endpoints can be used to gather information for further exploitation. The web services for these endpoints bind to all network interfaces, potentially increasing exposure. Successful exploitation allows attackers to install web shells, manipulate data, disrupt availability, and pivot into the network. Collibra has released updated versions to address these vulnerabilities. Users are strongly advised to update to the fixed releases promptly. Administrators should restrict access to exposed REST endpoints and management interfaces.

VU#158530: PCTCore64.sys Windows kernel driver contains a missing access control vulnerability

The PCTCore64.sys Windows kernel driver from PC Tools Internet Security has a significant security vulnerability. This driver exposes a device interface called \\.\PCTCoreDriver without proper access control measures in place. Consequently, any user-mode process can interact with this driver and execute privileged IOCTL commands. In a Bring Your Own Vulnerable Driver (BYOVD) scenario, an attacker with the ability to load a Windows driver can exploit this flaw. They can perform sensitive low-level operations on the target system by invoking the driver's exposed interface. The driver does not apply a restrictive security descriptor to its device object, allowing unprivileged processes to open device handles and send privileged IOCTL requests. This allows attackers to perform actions like enumerating system-wide handles and manipulating handles across processes. Crucially, it enables credential extraction from sensitive processes like lsass.exe. Arbitrary process termination, including protected processes, is also possible. Although PC Tools Internet Security was discontinued in 2013, the driver remains signed and exploitable in BYOVD attacks. The impact includes credential theft, disabling of security software, denial of service, and broader system compromise. The solution is to remove and block the vulnerable driver, as it is no longer maintained. Organizations should also implement mitigations against BYOVD attacks, such as restricting admin privileges and enabling Windows security features like HVCI and WDAC.

VU#780781: Casdoor contains multiple authentication bypass and access management vulnerabilities

Casdoor versions 2.362.0 and earlier are vulnerable to critical identity and access management flaws. These vulnerabilities enable wide-ranging authentication bypass and privilege escalation. Several CVEs detail flaws in Casdoor's SAML processing related to certificate handling, assertion validation, and replay protection. The social-login binding flow allows bypassing MFA requirements, and unverified email binding may lead to account takeover. Token exchange mechanisms contain flaws enabling cross-organization privilege escalation and lack of token revocation. Attackers can exploit these flaws to impersonate users, bypass MFA, and gain persistent unauthorized access. The vulnerabilities arise from issues like arbitrary certificate usage, missing audience restrictions, and the absence of SAML assertion replay protection. Time bounds in SAML assertions are not enforced, further increasing risk. The platform fails to verify the active status of tokens used for exchange. The SAML callback handler accepts unsolicited SAML responses, leading to session hijacking. The impact is significant, potentially allowing attackers to compromise accounts and escalate privileges. Currently, a patch from Casdoor is unavailable; therefore, users should implement strict identity protection.

VU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)

The "Dirty Frag" vulnerability affects Linux kernel versions 4.10 and later, stemming from flawed handling of fragmented IPv4/IPv6 packets. It allows an attacker to manipulate fragment offsets, leading to memory corruption during reassembly. This vulnerability is a combination of two previously known ones, specifically related to xfrm-ESP and RxRPC page-cache writes. Successful exploitation can trigger a denial of service or, potentially, privilege escalation. The root cause lies in the kernel's insufficient validation of fragment metadata during the reassembly process, allowing for malformed sequences. The impact includes kernel panics, memory corruption, and container escapes. Immediate mitigation involves updating the Linux distribution's kernel package with patches. Workarounds include disabling the vulnerable modules (esp4, esp6, and rxrpc) or blacklisting them during boot. For containerized environments, additional mitigation strategies include seccomp filtering, AppArmor policies, and eBPF-based enforcement. The vulnerability was discovered and disclosed by Hyunwoo Kim, and the documentation was written by Bob Kemerer.

VU#777338: SGLang contains two remote code execution vulnerabilities and one path traversal vulnerability

Three critical vulnerabilities have been identified in the SGLang project, a framework for serving large AI models. Two of these vulnerabilities allow for remote code execution (RCE), while the third is a path traversal flaw. Exploitation requires the multimodal generation mode to be enabled and an attacker to have network access to the SGLang service. Currently, no patch is available for these issues. The project maintainers did not provide a response during the coordination process. CVE-2026-7301 is a pickle.loads() sink in the multimodal generation runtime scheduler that allows RCE when the scheduler is exposed; the affected service binds to all network interfaces by default, making it reachable over the network. CVE-2026-7302 permits arbitrary file writes via path traversal in the multimodal generation runtime, triggered by upload filenames that contain directory traversal sequences. CVE-2026-7304 enables RCE through unauthenticated deserialization of Python objects via dill.loads() when custom logit processors are enabled. If exploited, these vulnerabilities could lead to remote code execution or arbitrary file writes on the SGLang host. The highest risk is to deployments exposing affected interfaces to untrusted networks. Until a patch is released, users should restrict service access and avoid exposing it to untrusted networks.

VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation

Dnsmasq, a popular DNS and DHCP server, is vulnerable to several memory safety and input validation flaws. These vulnerabilities include heap buffer overflows, memory corruption issues, and potential code execution exploits. Attackers can exploit these flaws to compromise the system in various ways. Successful attacks can lead to DNS cache poisoning, causing traffic redirection to malicious sites. Other attacks can trigger denial-of-service conditions, rendering dnsmasq unusable. Information disclosure is also possible, potentially leaking sensitive network details. In certain scenarios, local attackers could even achieve root privilege escalation. The identified vulnerabilities are tracked under several CVE numbers, including CVE-2026-2291. Dnsmasq version 2.92rel2 has been released to address these issues. This update and vendor patches are key to mitigating the risks. The vulnerabilities were discovered by multiple researchers. Careful application of the patch is essential to maintain network security.

VU#937808: Casdoor contains Arbitrary File Write vulnerability

Casdoor, an IAM platform, suffers from an arbitrary file write vulnerability due to improper path sanitization. The vulnerability lies within the "Local File System" storage provider, allowing authenticated users with upload privileges to write files outside the intended storage directory. Attackers exploit the /api/upload-resource endpoint by manipulating the pathPrefix parameter, using directory traversal techniques. This allows them to create or overwrite files on the host system, bypassing security restrictions. Successful exploitation can lead to various impacts, including file overwriting, persistence mechanisms, and database corruption. The attacker needs an authenticated session and file upload permissions to leverage this vulnerability. The severity of the impact depends on the Casdoor service account's privileges. A pull request has been submitted to fix the path validation issue. Users are advised to limit administrative access, restrict filesystem permissions, and avoid using the Local File System provider. The vulnerability was discovered and reported by Danilo Dell'Orco.
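The containment check missing in the Collibra Zip Slip extraction (VU#873170), the SGLang upload filenames (CVE-2026-7302) and the Casdoor pathPrefix handling above, as an added Python example that is not code from any of those projects; the archives and paths it uses are constructed.

```python
"""Containing attacker-influenced paths under a base directory.

Added example (not Collibra, SGLang or Casdoor code): the containment check
those reports describe as missing, applied to ZIP members (validated
all-or-nothing before anything is written) and to upload path components.
"""
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class PathTraversalError(ValueError):
    """Raised when an untrusted path would land outside its base directory."""


def resolve_under(base_dir, untrusted_relpath: str) -> Path:
    """Return base_dir/untrusted_relpath, or raise if it escapes base_dir.

    Rejects absolute paths, drive-style prefixes and any '..' component,
    then resolves symlinks and re-checks containment on the result.
    """
    rel = PurePosixPath(untrusted_relpath.replace("\\", "/"))
    if rel.is_absolute() or (rel.parts and ":" in rel.parts[0]):
        raise PathTraversalError(f"absolute path rejected: {untrusted_relpath!r}")
    if ".." in rel.parts:
        raise PathTraversalError(f"parent reference rejected: {untrusted_relpath!r}")
    base = Path(base_dir).resolve()
    target = base.joinpath(*rel.parts).resolve()
    # Final authority: after symlink resolution the target must be base
    # itself or live beneath it, whatever the lexical checks above said.
    if target != base and base not in target.parents:
        raise PathTraversalError(f"escapes base directory: {untrusted_relpath!r}")
    return target


def is_contained(base_dir, untrusted_relpath: str) -> bool:
    """Boolean form of resolve_under, handy for tests and audits."""
    try:
        resolve_under(base_dir, untrusted_relpath)
        return True
    except PathTraversalError:
        return False


def upload_target(storage_root, path_prefix: str, filename: str) -> Path:
    """Resolve an upload destination built from two client-controlled parts."""
    return resolve_under(storage_root, f"{path_prefix}/{filename}")


def safe_extract(zip_bytes: bytes, dest_dir) -> list:
    """Extract a ZIP, refusing the whole archive if any member would escape."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        # Validate every name first so a bad member cannot leave partial output.
        targets = [resolve_under(dest_dir, m.filename) for m in members]
        for info, target in zip(members, targets):
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def build_zip(entries: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run a benign and a Zip Slip archive against a temporary restore dir."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = (Path(tmp) / "restore").resolve()
        dest.mkdir()
        good = safe_extract(build_zip({"conf/app.properties": b"ok"}), dest)
        try:
            safe_extract(build_zip({"conf/first.txt": b"x", "../../outside.txt": b"x"}), dest)
            rejected = None
        except PathTraversalError as exc:
            rejected = str(exc)
        return {
            "extracted": [p.relative_to(dest).as_posix() for p in good],
            "rejected": rejected,
            "partial_write": (dest / "conf" / "first.txt").exists(),
        }


if __name__ == "__main__":
    print(demo())
```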

VU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)

A new privilege escalation vulnerability, named "Copy Fail," has been found in Linux kernels 4.17 and later. This flaw, assigned CVE-2026-31431, allows local users to gain root access. The vulnerability stems from a logic error within the algif_aead module, used for authenticated encryption. An unprivileged user can write four controlled bytes to the page cache of any readable file. This in-memory modification can bypass integrity checks; the file remains unchanged on disk. Attackers can exploit this by targeting a setuid binary, altering its in-memory contents to escalate privileges. A public Python proof-of-concept exists, increasing the risk of exploitation. The solution involves applying upstream kernel patches that revert AEAD operations. Users should update their Linux distributions as soon as updates are available. Workarounds include disabling the algif_aead module or blacklisting its initialization. Containerized environments require additional mitigations like seccomp filtering, AppArmor policies, or eBPF-based enforcement. Virtualization does not allow the bug to be leveraged for host escape, due to memory isolation. The vulnerability was discovered by Theori and documented by Bob Kemerer and Vijay Sarvepalli.

VU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component

A security flaw exists in the DRC INSIGHT software's configuration management endpoint. Unauthenticated users on the same network can modify the server's configuration file. This vulnerability, tracked as CVE-2026-5756, allows for potential data exfiltration, traffic redirection, or service disruption. The Central Office Services component of DRC INSIGHT, used to distribute testing content, exposes an administrative endpoint without proper authentication. Any device with network access can submit requests to this endpoint. Attackers could exploit this to redirect student data, such as test responses or audio recordings, to malicious external services. They might also intercept HTTPS traffic by inserting a malicious proxy setting. Malformed configuration changes could lead to service disruption, preventing the server from starting or interfering with active assessments. No patch is currently available from the vendor. Organizations should restrict network access to the COS server, placing it on an isolated network segment. Firewalls should limit access to the configuration endpoint, ideally to localhost or authorized administrative IPs. Outbound traffic should be restricted to approved destinations and monitored for suspicious activity. Administrators should enable logging and monitoring for requests to the configuration endpoint and unusual traffic patterns.

VU#518910: Ollama GGUF Quantization Remote Memory Leak

Ollama's model quantization engine has a critical heap memory vulnerability. An attacker can exploit this by uploading a malicious GGUF file. This crafted file triggers an out-of-bounds read in the quantization process. The vulnerability stems from a lack of bounds checking on tensor metadata from the GGUF file. Go's unsafe.Slice is then used to create memory slices exceeding valid data buffers. This allows attackers to access unintended heap memory. The leaked data is inadvertently written into a new model layer. Ollama's registry API can then be used to exfiltrate this sensitive heap data. This can lead to unauthorized access, data exposure, and potential system compromise. A patch is not yet available, but restricting model upload access is a recommended interim solution.

VU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

Radware Alteon has a reflected Cross-Site Scripting vulnerability in version 34.5.4.0. This flaw exists in the ReturnTo parameter of the /protected/login route. The vulnerability stems from a failure to properly sanitize user input. Attackers can exploit this by injecting malicious JavaScript into the ReturnTo parameter. When a user is redirected to a SAML login page, the load balancer reflects the unsanitized parameter. This reflected payload then executes in the victim's browser. The exploit allows attackers to steal sensitive data, perform unauthorized actions, and conduct phishing attacks. It can also damage the reputation of the affected website. Radware has acknowledged the vulnerability and plans a fix in version 34.5.7.0. Users should validate and encode input until a patch is applied.

VU#414811: Terrarium contains a vulnerability that allows arbitrary code execution

Terrarium is a platform designed for secure code execution in a sandbox environment. A critical vulnerability has been found within Terrarium, enabling arbitrary code execution with root privileges on the host Node.js process. This exploit stems from an issue within the Pyodide WebAssembly environment. The vulnerability originates from the way jsglobals objects are configured, specifically the mock document object. This object, created from a standard JavaScript object literal, inherits from Object.prototype. This inheritance allows sandboxed code to ascend the prototype chain to the `Function` constructor. From there, attackers can create a function that returns globalThis, granting access to essential Node.js internals like require(). Consequently, an attacker can break out of the sandbox and run any command as root within the container. This sandbox escape vulnerability, identified as CVE-2026-5752, poses significant risks to applications relying on Terrarium. It allows attackers to execute commands as root, access and alter sensitive files, compromise internal network services, and potentially escape the container for further privilege escalation. Unfortunately, a vendor patch is currently unavailable. To mitigate this risk, disabling code submission to the sandbox, if feasible, is recommended. Network segmentation and the use of a Web Application Firewall (WAF) are also crucial to limit the attack surface and detect malicious traffic. Continuous monitoring of container activity for unusual behavior is advised. Furthermore, strict access controls and the use of secure container orchestration tools are essential. Keeping all dependencies updated and patched is a fundamental security practice. This vulnerability was discovered by Jeremy Brown using AI-assisted research.

VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file

A remote code execution vulnerability, CVE-2026-5760, has been found in the SGLang project's reranking endpoint. Attackers can exploit this by creating a malicious model with a specially crafted tokenizer.chat_template parameter. This parameter contains a Jinja2 server-side template injection payload. When SGLang loads this model and the reranking endpoint is accessed, the malicious template renders. This triggers the execution of arbitrary Python code on the server. The vulnerability stems from the use of jinja2.Environment() without proper sandboxing. Successful exploitation allows attackers to execute code as the SGLang service. This could lead to host compromise, data theft, or denial-of-service. Deployments exposing the endpoint to untrusted networks are most at risk. The recommended solution involves using ImmutableSandboxedEnvironment for rendering chat templates instead of the vulnerable jinja2.Environment(). Project maintainers did not respond to coordination efforts for a patch.

VU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM Server

Orthanc DICOM Server versions 1.12.10 and earlier have several vulnerabilities impacting image decoding and HTTP request handling. These flaws include heap buffer overflows, out-of-bounds reads, and memory exhaustion problems, exploitable through crafted inputs. Attackers can leverage these vulnerabilities to crash the server, leak sensitive data, or potentially achieve remote code execution. The vulnerabilities stem from unsafe arithmetic operations, the lack of crucial bounds checks, and insufficient validation of metadata. These issues exist within the processing of both DICOM files and HTTP requests. Identified vulnerabilities involve parsing meta-headers, handling gzip compression, and processing ZIP archives which could lead to resource exhaustion. Out-of-bounds reads are present in image decoding functions used for the proprietary Philips compression format and palette color images. Heap buffer overflows occur in the image decoder, as well as the PAM image parsing logic. Orthanc has released version 1.12.11 to fix the vulnerabilities. Users should upgrade immediately and limit exposure of upload/processing features. These vulnerabilities were discovered by Dr. Simon Weber and Volker Schönefeld of Machine Spirits UG.

VU#951662: MuPDF by Artifex contains integer overflow vulnerability.

MuPDF versions up to 1.27.0 are vulnerable to an integer overflow, identified as CVE-2026-3308. This vulnerability resides within the `pdf_load_image_imp` function, which handles image data processing in PDF files. An attacker can craft a malicious PDF to trigger the overflow by providing specially crafted image parameters. This overflow leads to incorrect memory allocation, specifically when calculating the image's buffer size. Consequently, the `fz_unpack_stream` function writes beyond the buffer's bounds during image decoding. This heap out-of-bounds write can result in application crashes or, potentially, arbitrary code execution. Any system automatically processing or rendering untrusted PDFs using MuPDF may be affected. Due to the vendor's unavailability, no official patch is currently available. Users should avoid processing untrusted PDF files where possible. Isolating PDF rendering in a sandboxed process is recommended as a mitigation. A pull request that includes the fix is available. This vulnerability was reported by Yarden Porat from Cyata.

VU#655822: Kyverno is vulnerable to server-side request forgery (SSRF)

Kyverno, a Kubernetes policy engine, has an SSRF vulnerability in versions 1.16.0 and later. This vulnerability stems from inadequate URL validation within its CEL-based HTTP functions (Get and Post). Namespaced policies can trigger arbitrary internal HTTP requests due to the lack of namespace scoping in these functions. An attacker with namespace-level permissions can exploit this flaw. They can create a malicious policy to send internal requests and exfiltrate responses. The Kyverno admission controller, which executes these requests, has privileged network access. This vulnerability could lead to cross-namespace data access and the exposure of sensitive information. A patch is unavailable, so mitigation strategies are necessary. These include strict URL validation, destination controls, and blocklists. Recommended safeguards involve blocking access to sensitive address ranges and limiting outbound requests. Applying default deny network policies to the Kyverno pod is also suggested. This vulnerability was responsibly disclosed by Igor Stepansky from Orca Security Research Pod.

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

CrewAI, a tool for building multi-agent AI systems, suffers from four critical vulnerabilities. These vulnerabilities include remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 specifically affects the Code Interpreter Tool within CrewAI. The other vulnerabilities arise from insecure default configurations in the main agent and associated Docker images. An attacker can exploit these issues through prompt injection if they can interact with a CrewAI agent utilizing the Code Interpreter Tool. These vulnerabilities can be chained together for a greater impact. CVE-2026-2275 involves fallback to SandboxPython, leading to code execution via arbitrary C function calls. Improperly validated URLs in RAG search tools within CrewAI lead to a server-side request forgery (SSRF) vulnerability. CrewAI's failure to verify Docker's runtime status also contributes to RCE via sandbox fallbacks. An arbitrary local file read vulnerability exists within the JSON loader tool due to a lack of path validation. Exploitation allows for credential theft or further device compromise. The vendor has addressed some vulnerabilities, but a complete patch is not available yet.

VU#330121: IDrive for Windows contains local privilege escalation vulnerability

The IDrive Cloud Backup Client for Windows versions 7.0.0.63 and earlier has a critical security flaw. This vulnerability allows for privilege escalation, granting unauthorized users SYSTEM-level access. The IDrive client, used for cloud backups, runs with elevated privileges on Windows systems. A flaw exists in how the client service, id_service.exe, handles specific configuration files. Standard users can modify these files due to weak permission configurations. An attacker can inject malicious code by overwriting these configuration files. When id_service.exe reads the modified files, the attacker's code executes with SYSTEM permissions. This could lead to complete control over the compromised machine. IDrive is developing a patch to address this vulnerability and users should update once it's available. In the interim, users should implement security measures to mitigate the risk. The vulnerability was discovered and reported by Matthew Owens and FRSecure.

VU#577436: Hard coded credentials vulnerability in GoHarbor's Harbor

GoHarbor's Harbor, an open-source container registry, uses a default admin password that puts deployments at risk. The default credentials are "admin" and "Harbor12345," set in the harbor.yml configuration. Harbor doesn't mandate password changes upon initial setup or login, thus leaving the system vulnerable. An attacker with the known default password gains full administrative control, which puts the registry at risk. Such control allows overwriting images, initiating supply-chain attacks, and potentially enabling remote code execution. Attackers can establish persistent access and disable security features to accomplish their goals. Sensitive images can be stolen or destructive actions like data deletion can occur, leading to service disruption. To mitigate risk, operators must change the default password immediately after deployment. This can be done via the interface or by setting the `harbor_admin_password` during installation. A fix is proposed that removes or randomizes the default credentials.

VU#624941: LibreChat RAG API contains a log-injection vulnerability

LibreChat RAG API version 0.7.0 suffers from a log-injection vulnerability due to inadequate input sanitization. This allows authenticated attackers to manipulate log entries by injecting CRLF characters. Attackers exploit this flaw by inserting malicious data into the file_id parameter of POST requests. This can lead to the forging of logs, compromising audit trail integrity and potentially obscuring malicious activity. The vulnerability could facilitate attacks like XSS or remote command execution if insecure log-management tools are used. The impact includes hindering forensic investigations and enabling user impersonation. Unfortunately, the vendor could not be reached for a patch. Mitigations involve sanitizing input, disabling the pgvector extension if not used, and validating output. These measures aim to provide layered protection against the vulnerability's exploitation. They cannot fully eliminate the risk; a full patch from the vendor is required. The vulnerability disclosure was coordinated by Caio Bittencourt, and the document was written by Dr. Elke Drennan.
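What an unsanitized file_id does to a line-oriented log, and the input sanitizer plus structured-logging alternative the mitigations call for, as an added Python example that is not LibreChat's code; the log format and request values are constructed.

```python
"""CRLF log injection: the forged record, the sanitizer and what a parser sees.

Added example, not LibreChat RAG API code. The record format and the
request values are constructed for the demonstration.
"""
import json
import re

# Any control character lets one logged value span several log records.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Expected shape of one record in this constructed format.
RECORD = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (INFO|WARN|ERROR) \w+ .*$")

# Constructed request value: a plain id followed by CRLF and a second,
# client-authored record claiming that an admin login succeeded.
FORGED_FILE_ID = "file_9f3c\r\n2026-03-01 10:00:01 INFO auth user=admin result=ok"


def sanitize_for_log(value: str, max_len: int = 256) -> str:
    """Escape control characters as \\xNN and cap the length."""
    escaped = CONTROL_CHARS.sub(lambda m: f"\\x{ord(m.group()):02x}", value)
    return escaped if len(escaped) <= max_len else escaped[:max_len] + "..."


def log_embed(ts: str, user: str, file_id: str, sanitize: bool) -> str:
    """Render one embed event; sanitize=False mirrors the reported flaw."""
    field = sanitize_for_log(file_id) if sanitize else file_id
    return f"{ts} INFO embed user={user} file_id={field}"


def log_embed_json(ts: str, user: str, file_id: str) -> str:
    """Structured alternative: json.dumps escapes CR/LF by construction."""
    return json.dumps({"ts": ts, "level": "INFO", "event": "embed",
                       "user": user, "file_id": file_id})


def split_records(raw_log: str) -> list:
    """Split a log the way a line-oriented shipper or grep would."""
    return [line for line in raw_log.splitlines() if line]


def well_formed_records(raw_log: str) -> list:
    """Records matching RECORD. A forged line passes this check too, which
    is why input sanitization, not log parsing, has to stop the injection."""
    return [line for line in split_records(raw_log) if RECORD.match(line)]


if __name__ == "__main__":
    ts = "2026-03-01 10:00:00"
    naive = log_embed(ts, "alice", FORGED_FILE_ID, sanitize=False)
    print(len(well_formed_records(naive)), "well-formed records from one request (naive)")
    print(log_embed(ts, "alice", FORGED_FILE_ID, sanitize=True))
    print(log_embed_json(ts, "alice", FORGED_FILE_ID))
```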

VU#907705: Graphql-upload-minimal has a prototype pollution vulnerability

The graphql-upload-minimal package, version 1.6.1, contains a prototype pollution vulnerability. This vulnerability resides within the processRequest() function, which is responsible for handling file uploads. The package parses multipart/form-data requests to integrate uploaded files into GraphQL operations. The vulnerability arises because user-supplied paths for mapping files are not properly validated. Special JavaScript property names, including __proto__, can be used to traverse the prototype chain. This traversal allows attackers to modify the global Object.prototype. Altering Object.prototype affects all objects inheriting from it within the Node.js process. The consequences of this pollution can include logic corruption, denial of service, or privilege escalation. To mitigate this issue, users must upgrade to graphql-upload-minimal version 1.6.3 or a later release. The patched version implements checks to prevent the assignment of unsafe properties through the prototype chain.

VU#665416: SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization

SGLang, a serving framework for LLMs and multimodal models, has critical pickle deserialization vulnerabilities. Two of them, CVE-2026-3059 and CVE-2026-3060, reside in the multimodal generation and encoder parallel disaggregation modules respectively. These flaws allow attackers to execute arbitrary code by sending malicious pickle files to the ZMQ broker. CVE-2026-3989 affects the replay_request_dump.py script, enabling code execution when it handles malicious pickle files. The root cause across the vulnerabilities is the use of pickle.loads() to deserialize untrusted data without proper validation. Because unpickling can invoke arbitrary callables, this insecure deserialization can lead to remote code execution. Attackers could gain control of the SGLang service, potentially leading to system compromise. Users should restrict network access to SGLang interfaces to mitigate these risks. The use of alternatives to pickle, such as JSON or msgpack, is strongly advised to prevent similar vulnerabilities. This document serves to highlight the risks associated with improper pickle usage. A proposed patch was submitted, with no observed response from the maintainers as of publication.
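Both mitigations the note recommends, as an added example rather than SGLang's own code: a JSON message format with schema validation for the broker traffic, and a restricted unpickler for data that still has to be unpickled (such as replaying an existing dump). The request schema and field limits are constructed assumptions, not SGLang's real message format.

```python
import datetime
import io
import json
import pickle
from typing import Any, Dict, Optional

# Preferred fix: the messages exchanged with the broker are plain data, so
# carry them as JSON and validate the shape on receipt. json.loads never
# instantiates application classes, so a hostile message yields a ValueError
# rather than code execution. (Constructed schema, not SGLang's real format.)
REQUEST_SCHEMA = {"rid": str, "prompt": str, "max_new_tokens": int}
MAX_MESSAGE_BYTES = 1 << 20


def encode_request(req: Dict[str, Any]) -> bytes:
    return json.dumps(req, separators=(",", ":")).encode("utf-8")


def check_request(raw: bytes) -> Optional[str]:
    """Return None if raw is a well-formed request, else a reason string."""
    if len(raw) > MAX_MESSAGE_BYTES:
        return "message too large"
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        return f"not valid JSON: {exc}"
    if not isinstance(obj, dict):
        return "top-level value is not an object"
    if set(obj) != set(REQUEST_SCHEMA):
        return f"unexpected field set: {sorted(obj)}"
    for key, typ in REQUEST_SCHEMA.items():
        if type(obj[key]) is not typ:          # exact type: bool must not pass as int
            return f"field {key!r} must be {typ.__name__}"
    if not 0 <= obj["max_new_tokens"] <= 65536:
        return "max_new_tokens out of range"
    return None


def decode_request(raw: bytes) -> Dict[str, Any]:
    err = check_request(raw)
    if err is not None:
        raise ValueError(err)
    return json.loads(raw.decode("utf-8"))


# Fallback for data that still has to be unpickled: resolve only a short
# safelist of globals. Every GLOBAL/STACK_GLOBAL opcode goes through
# find_class, so a payload naming any other callable is refused before the
# REDUCE opcode that would call it is reached.
SAFE_GLOBALS = {("builtins", n) for n in
                ("dict", "list", "tuple", "set", "frozenset", "str",
                 "int", "float", "bool", "bytes")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def restricted_loads(raw: bytes) -> Any:
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def restricted_load_error(raw: bytes) -> Optional[str]:
    """None if the pickle loads under the restricted unpickler, else the reason."""
    try:
        restricted_loads(raw)
        return None
    except pickle.UnpicklingError as exc:
        return str(exc)


def constructed_plain_pickle() -> bytes:
    """Fixture: only built-in containers and scalars, no global references."""
    return pickle.dumps({"rid": "r1", "prompt": "hi", "max_new_tokens": 8})


def constructed_object_pickle() -> bytes:
    """Fixture: a harmless object whose pickle carries a global reference
    (datetime.datetime). The restricted loader must still refuse it, because
    the same opcode is how a hostile pickle reaches any callable at all."""
    return pickle.dumps(datetime.datetime(2026, 1, 1))
```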

VU#976247: Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed zip archives

Malformed ZIP headers can cause antivirus and EDR scanners to produce false negatives, because some extraction software can still decompress the archive. ZIP archives hold crucial metadata such as the compression method and version information, which antivirus engines use for preprocessing. Attackers can modify the compression method field, preventing proper decompression and analysis of the payload. After evading antivirus systems, the payload can be recovered by a custom loader that bypasses the declared method. This technique allows attackers to conceal malicious content while still being able to retrieve it programmatically. Standard extraction tools, however, often fail with errors when encountering these manipulated archives. This vulnerability is akin to previously identified CVEs. A remote attacker can craft a ZIP archive with tampered metadata to bypass inspection by antivirus or EDR software. While many products may flag the file as corrupted, execution of malicious code still requires user interaction to extract or process the archive. A custom loader that ignores the declared compression method can recover and execute the concealed content. Antivirus and EDR vendors should avoid relying solely on declared archive metadata for content handling. Scanners should implement more aggressive detection modes that validate compression method fields against the actual content and flag inconsistencies. Users are advised to contact their antivirus or EDR providers for vulnerability assessment and mitigation guidance.
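The check the last recommendation describes, validating the declared compression method against what the payload actually decodes as, as an added example (not code from the note or from any vendor). It walks local file headers only and recognises the two methods every extractor must support (stored and deflate); the two-entry archive it builds is a constructed fixture for exercising the scanner.

```python
import io
import struct
import zipfile
import zlib
from typing import List, Optional

LOCAL_SIG = b"PK\x03\x04"
# signature, version, flags, method, mtime, mdate, crc32, csize, usize, name len, extra len
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")
METHOD_NAMES = {0: "stored", 8: "deflate"}   # the two methods every extractor supports


def _actual_encoding(data: bytes, crc: int, usize: int) -> Optional[str]:
    """Work out how the entry's bytes are really encoded by checking each
    candidate decoding against the declared CRC-32 and uncompressed size."""
    if len(data) == usize and zlib.crc32(data) == crc:
        return "stored"
    try:
        d = zlib.decompressobj(-15)               # raw deflate, as used inside ZIP
        plain = d.decompress(data) + d.flush()
    except zlib.error:
        return None
    if len(plain) == usize and zlib.crc32(plain) == crc:
        return "deflate"
    return None


def scan_zip(buf: bytes) -> List[str]:
    """Walk the local file headers and report every entry whose declared
    compression method disagrees with what the payload actually decodes as.
    A scanner that trusts the method field gives up on such an entry, while
    a loader that ignores the field still recovers the content."""
    findings: List[str] = []
    off = entries = 0
    while buf.startswith(LOCAL_SIG, off):
        entries += 1
        (_sig, _ver, flags, method, _t, _d, crc, csize, usize,
         fnlen, exlen) = LOCAL_HDR.unpack_from(buf, off)
        name_off = off + LOCAL_HDR.size
        name = buf[name_off:name_off + fnlen].decode("utf-8", "replace")
        data_off = name_off + fnlen + exlen
        if flags & 0x8:      # sizes live in a trailing data descriptor
            findings.append(f"{name}: sizes deferred to data descriptor; "
                            "re-check from the central directory")
            break
        data = buf[data_off:data_off + csize]
        declared = METHOD_NAMES.get(method, f"unknown({method})")
        actual = _actual_encoding(data, crc, usize)
        if actual is None:
            findings.append(f"{name}: declared {declared}, payload does not "
                            "decode to the declared CRC/size")
        elif actual != declared:
            findings.append(f"{name}: declared {declared} but payload is valid "
                            f"{actual} (inconsistent method field)")
        off = data_off + csize
    if entries == 0:
        findings.append("no local file header at offset 0")
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed fixture for the scanner: a two-entry archive. With
    tamper=True the first entry's method field is overwritten with an
    undefined value while its compressed bytes stay intact, which is the
    inconsistency the advisory describes."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w") as zf:
        zf.writestr("readme.txt", b"hello " * 200, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("notes.txt", b"plain text", compress_type=zipfile.ZIP_STORED)
    buf = bytearray(bio.getvalue())
    if tamper:
        struct.pack_into("<H", buf, 8, 99)   # method field is at offset 8 of the first header
    return bytes(buf)


if __name__ == "__main__":
    for label in ("clean", "tampered"):
        print(label, scan_zip(build_sample(label == "tampered")) or "no inconsistencies")
```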

VU#772695: A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Viber's Cloak-mode proxy, in specific Android and Windows versions, has a critical weakness. This feature, designed to conceal proxy or VPN usage, fails its primary purpose. The TLS ClientHello fingerprint used by Cloak mode is static and lacks diversity. This makes it easily detectable by Deep Packet Inspection (DPI) systems. Consequently, network-level blocking of Viber traffic becomes straightforward in restrictive environments. This flaw undermines censorship circumvention capabilities, potentially leading to denial of service. The proxy traffic is readily identifiable, not resembling normal browser TLS behavior. Users are unaware that their data's proxy protection is compromised. To mitigate this issue, users should update their Viber Windows clients to version 27.3.0.0 and Android mobile versions to 27.2.0.0g for continued support. Oleksii Gaienko, an independent security researcher, reported this vulnerability. Laurie Tyzenhaus authored this explanatory document.

VU#431821: MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE

A command injection vulnerability exists in the MS-Agent framework, allowing arbitrary command execution due to unsanitized prompt input. The MS-Agent framework uses a Shell tool for executing commands on the operating system. The vulnerability arises because the software fails to adequately sanitize external content before execution through this Shell tool. An attacker can use prompt injection techniques to trick the agent into running unintended shell commands. The Shell tool attempts to restrict unsafe commands using a regular expression-based denylist in its check_safe() method. However, this denylist mechanism can be bypassed by crafted input, enabling malicious commands to reach the shell execution layer. This vulnerability, tracked as CVE-2026-2256, allows attackers to execute arbitrary operating system commands. It can be exploited when the agent processes or retrieves attacker-controlled content containing malicious command sequences. Denylist-based filtering is inherently weak and can often be circumvented through various methods like encoding or obfuscation. Successful exploitation grants the attacker the ability to execute commands with the privileges of the MS-Agent process. This could lead to system file modification, lateral movement, persistence, or data exfiltration. No vendor patch or statement was provided during coordination. Users are advised to deploy MS-Agent only in trusted environments with validated input. Agents with shell execution should be sandboxed or run with least-privilege permissions. Replacing denylists with strict allowlists and improving isolation for tool execution are also recommended mitigation strategies.
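An allowlist-based gate for an agent's shell tool, as an added example of the mitigation recommended above; it is not MS-Agent's code. The permitted commands, their flags and the workspace rule are a constructed policy, and the resulting argv is only ever run with `shell=False`.

```python
import re
import shlex
import subprocess
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy: the commands the agent may run and, per command, the
# flags it may pass. Anything not listed here is refused outright.
COMMAND_POLICY: Dict[str, Set[str]] = {
    "ls": {"-l", "-a", "-la", "-al", "-h"},
    "cat": set(),
    "wc": {"-l", "-c", "-w"},
    "grep": {"-n", "-i", "-c"},
}
# Characters a token may contain; every shell metacharacter (; | & $ ` < > ( )
# * ? { } ~ and quotes) lies outside this set, so it cannot reach the argv.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_@%+=:,./-]+$")
MAX_TOKENS = 16


def validate_command(line: str) -> Tuple[Optional[List[str]], Optional[str]]:
    """Turn a model-proposed command line into an argv vector, or explain why
    it was refused. Unlike a denylist, this only has to enumerate what is
    known-good; anything unrecognised fails closed."""
    try:
        argv = shlex.split(line, posix=True)
    except ValueError as exc:                      # unbalanced quotes etc.
        return None, f"unparseable: {exc}"
    if not argv:
        return None, "empty command"
    if len(argv) > MAX_TOKENS:
        return None, "too many arguments"
    prog, args = argv[0], argv[1:]
    if prog not in COMMAND_POLICY:
        return None, f"command not in allowlist: {prog!r}"
    for tok in args:
        if not SAFE_TOKEN.match(tok):
            return None, f"argument contains disallowed characters: {tok!r}"
        if tok.startswith("-"):
            if tok not in COMMAND_POLICY[prog]:
                return None, f"flag not permitted for {prog}: {tok!r}"
        elif tok.startswith("/") or ".." in tok.split("/"):
            return None, f"path must stay inside the workspace: {tok!r}"
    return argv, None


def run_tool_command(line: str, workspace: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Execute a validated command with shell=False, a fixed cwd, a minimal
    environment and a timeout; returns (exit status, stdout). Running this
    under a dedicated low-privilege account or sandbox is still required."""
    argv, err = validate_command(line)
    if err is not None:
        return 126, f"refused: {err}"
    proc = subprocess.run(argv, cwd=workspace, shell=False, capture_output=True,
                          text=True, timeout=timeout, env={"PATH": "/usr/bin:/bin"})
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    for proposed in ("ls -la docs", "cat notes.txt | wc -l", "ls $(id)", "chmod +x build.sh"):
        print(proposed, "->", validate_command(proposed))
```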

VU#504749: PyMuPDF path traversal and arbitrary file write vulnerabilities

PyMuPDF version 1.26.5 contains a critical path traversal vulnerability. This vulnerability allows arbitrary file writing via the 'embedded_get' function in main.py. The flaw arises from unchecked handling of embedded file metadata within PDF documents. Specifically, this metadata is used directly as the output path for extracted files. When the output path isn't explicitly defined, PyMuPDF uses embedded file metadata. This lack of validation permits attackers to specify arbitrary file paths. Exploitation involves crafting a malicious PDF with a path leading outside the intended directory. Successful exploitation enables attackers to write files to any location accessible by the user. This write access could potentially lead to privilege escalation or system compromise. The vulnerability is addressed in PyMuPDF version 1.26.7. Users are strongly advised to update to mitigate the risk. The vulnerability was reported by UKO, and the document was written by Michael Bragg.
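A containment check for the fallback the note describes (output path taken from embedded-file metadata when none is given explicitly), as an added example that is not PyMuPDF's own code. The function names, the `out_dir` argument and the POSIX-style paths in the demonstration are assumptions.

```python
import os
from typing import Optional


def resolve_extract_path(out_dir: str, embedded_name: str,
                         allow_subdirs: bool = False) -> str:
    """Map a filename taken from a PDF's embedded-file metadata onto a path
    that is guaranteed to lie inside out_dir. Raises ValueError rather than
    silently escaping. Pure string logic so it is unit-testable; resolve
    symlinks on out_dir (os.path.realpath) before calling."""
    if not embedded_name or "\x00" in embedded_name:
        raise ValueError("empty or NUL-containing name")
    name = embedded_name.replace("\\", "/")    # treat either separator as a separator
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise ValueError(f"absolute path in metadata: {embedded_name!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("no filename component")
    if ".." in parts:
        raise ValueError(f"parent-directory reference in metadata: {embedded_name!r}")
    if not allow_subdirs:
        parts = parts[-1:]                      # keep only the basename
    base = os.path.abspath(out_dir)
    target = os.path.abspath(os.path.join(base, *parts))
    if os.path.commonpath([base, target]) != base:   # belt and braces
        raise ValueError("resolved path escapes output directory")
    return target


def choose_output_path(out_dir: str, explicit: Optional[str],
                       metadata_filename: str) -> str:
    """The advisory's scenario: a caller-supplied output path is used as
    given; otherwise the name from the PDF is used, but only after the
    containment checks. The vulnerable form of this fallback is simply
    `explicit or metadata_filename`."""
    if explicit is not None:
        return os.path.abspath(explicit)       # caller-controlled, trusted
    return resolve_extract_path(out_dir, metadata_filename)


def extract_path_error(out_dir: str, embedded_name: str) -> Optional[str]:
    """None when the name is acceptable, else the rejection reason."""
    try:
        resolve_extract_path(out_dir, embedded_name)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for name in ("report.pdf", "sub/dir/report.pdf", "../../escape.txt", "C:/escape.txt"):
        print(repr(name), "->", extract_path_error("/tmp/out", name) or "accepted")
```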

VU#458422: CASL Ability contains a prototype pollution vulnerability

A prototype pollution vulnerability exists in CASL Ability versions 2.4.0 through 6.7.4, specifically within the extra module's rulesToFields() function. This vulnerability stems from the setByPath() function's failure to sanitize property names. This flaw enables attackers to inject properties into object prototypes due to a lack of proper sanitization. Attackers can leverage the vulnerability to add or modify properties on an object's prototype. Consequently, attackers can manipulate the prototype chain, potentially writing to Object.prototype. This can enable arbitrary code execution within the Node.js process. The impact includes bypassing authorization, gaining unauthorized access, and manipulating application logic. Moreover, it can lead to application crashes and denial-of-service conditions. The vulnerability is especially dangerous due to the widespread use of the CASL library, posing a risk to multiple systems. The recommended solution is to upgrade to CASL Ability version 6.7.5 or later. This vulnerability was coordinated by Maor Caplan from Alma Security.

VU#481830: libheif Uncompressed Codec Lacks Bounds Check Leading to Application Crash

A vulnerability exists in libheif's uncompressed decoder due to an out-of-bounds memory access issue. This flaw allows a maliciously crafted HEIF image to trigger a denial-of-service condition. The vulnerability arises from inadequate validation of metadata values during processing. Specifically, the decoder fails to properly check values from internal metadata boxes. This can lead to the decoder reading past the end of the input buffer. This can result in a segmentation fault during image decoding. The vulnerability, identified as CVE-2025-65586, affects versions v1.19.0 through 1.21.1 of libheif, introduced in commit 6190b58f. The impact is limited to denial-of-service, causing applications using libheif to crash. The vulnerability was discovered through fuzzing with AddressSanitizer. The solution is to update to libheif version 1.21.0 or later, which includes the fix. The vulnerability was reported by Maor Caplan and fixed by Dirk Farin.

VU#102648: Code Injection Vulnerability in binary-parser library

The binary-parser library for Node.js suffered from a code injection vulnerability. This vulnerability affected versions before 2.3.0 and could lead to arbitrary JavaScript execution. The library allowed for dynamic JavaScript code generation using the Function constructor. User-provided data, particularly field names and encoding parameters, were incorporated without proper sanitization. This lack of sanitization permitted attackers to inject malicious code through crafted inputs. Applications utilizing untrusted data in parser definitions were vulnerable to exploitation. Successful exploitation could grant attackers control over the Node.js process. The vendor addressed the issue by releasing version 2.3.0 with input validation. Users should upgrade to the patched version to mitigate the risk. Developers should avoid including untrusted data in parser definitions to prevent similar vulnerabilities. This vulnerability was identified by Maor Caplan and fixed by Keichi Takahashi.

VU#458022: Open5GS WebUI uses hard-coded secrets including JSON Web Token signing key

Open5GS WebUI has a vulnerability due to hardcoded default secrets, including the JWT signing key. This allows attackers to forge authentication tokens and gain administrative access. The WebUI, built with Node.js and Next.js, uses environment variables, by default set to "change-me," for cryptographic operations. This default is used for issuing and validating JWTs, which is the root of the vulnerability. Default configurations do not warn users about the insecure default secrets, making them easily exploitable. Attackers can create valid JWTs with the known default secret, bypassing CSRF protections. This allows unauthorized access to and modification of sensitive data via /api/db/* endpoints. The impact is full access to the WebUI and its permissions, including subscriber data. A patch is available that introduces independent secrets via a .env file to fix this issue. Users without the patch should manually configure strong, unique, and secret values for `SECRET_KEY` and `JWT_SECRET_KEY`. Network access to the WebUI should be restricted with authentication gateways or proxies. The vulnerability was reported by Andrew Fasano from NIST, with a patch by Vijay Sarvepalli.

VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier

GNU libtasn1, a library for ASN.1 parsing, contains a stack-based buffer overflow vulnerability. The flaw resides in the `asn1_expand_octet_string` function within the `decoding.c` file. This vulnerability is triggered by unsafe string concatenation using `strcpy` and `strcat`. The concatenation of field names without bounds checking leads to a one-byte overflow in the allocated stack buffer. This occurs when handling potentially untrusted ASN.1 input, specifically with malformed data. While the overflow is small, it still can cause subtle memory corruption. This corruption could result in unexpected behavior, especially within security-critical operations, such as cryptographic activities. An attacker could exploit this vulnerability by crafting malicious ASN.1 data. The impact may include parsing failures or unusual operations during cryptographic processes. A patch has been proposed to fix this issue, offering a solution to developers. Developers are advised to review the patch and implement mitigations.

VU#818729: Safetica contains a kernel driver vulnerability

A vulnerability exists in Safetica's ProcessMonitorDriver.sys kernel driver, used in its data loss prevention software. This allows unprivileged users to terminate system processes through an exposed IOCTL path. The vulnerability stems from inadequate input sanitization and user validation within the driver's interface. Successfully exploiting this flaw enables a denial-of-service attack, potentially rendering Safetica systems unusable. The attacker could repeatedly terminate processes, disrupting system functionality and security monitoring. At the time of this publication, no official fix from the vendor has been released to address this critical issue. Organizations are advised to actively monitor for suspicious IOCTL calls targeting the driver. Implementing kernel driver monitoring solutions is essential for detecting abuse and unusual patterns. Restricting access to the vulnerable driver through Windows policies is also crucial. This can be achieved through Group Policies or Application Control to prevent unauthorized interactions. The report recommends blocking untrusted or unsigned binaries from communicating with the driver.

VU#244846: Server-Side Template Injection (SSTI) vulnerability exists in Genshi

The Genshi template engine suffers from a Server-Side Template Injection (SSTI) vulnerability. The vulnerability stems from unsafe evaluation of template expressions using Python's `eval()` and `exec()` functions. Genshi allows fallback access to Python's built-in objects during expression evaluation. An attacker can leverage this behavior to execute arbitrary code on the server. The attacker gains control by influencing or injecting malicious template expressions. This control can lead to remote code execution (RCE) with the application's privileges. The impact includes execution of operating system commands, data access, and server compromise. The provided document offers mitigation strategies such as keeping untrusted input out of templates and sandboxing template evaluation. Currently, no official patch from Genshi exists to address the vulnerability. The report acknowledges Jangwoo Choe and Michael Bragg for their contributions.

VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

dr_flac, an open-source FLAC decoder within the dr_libs audio toolset, suffers from an integer overflow vulnerability. This vulnerability, identified as CVE-2025-14369, can be exploited by crafting malicious FLAC files. Providing such a file to a tool utilizing dr_flac could trigger a denial-of-service condition, causing the tool to crash. The core issue lies in the lack of input validation when calculating memory allocation based on FLAC metadata. This allows for excessive memory allocation, leading to instability. An attacker can use this flaw to make the tool allocate vast amounts of memory. The issue impacts any system using an older version of dr_flac. The vulnerability was patched in commit b2197b2, which users should update to immediately. Updating dr_flac prevents exploitation of this security bug. The vulnerability could be triggered by any tool processing untrusted FLAC files. The reporter of this issue was Maor Caplan and the initial documentation was written by Christopher Cullen.

VU#383552: thelibrarian does not secure its interface, allowing for access to internal system data

TheLibrarian.io's AI assistant, "The Librarian," faced multiple security vulnerabilities affecting its internal tools. These tools, such as 'view_document', 'web_fetch', and 'image_generate', enabled significant unauthorized access. Attackers could access the administrative console and perform internal network scanning. They could also view the internal system prompt, crucial for the AI's operation. Vulnerabilities allowed retrieval of internal processes and access to the backend system. The 'web_fetch' tool permitted retrieving arbitrary external content, proxying requests and potentially scanning internal networks. Exploitation of the vulnerabilities could lead to process control, credential theft, and AI manipulation. The company has since deprecated the vulnerable tools and implemented fixes. Web retrieval is now handled by a third-party service, mitigating the risks. Despite the fixes, the system prompt disclosure was not considered a critical vulnerability by the company. These vulnerabilities were identified and reported by Aaron Portnoy of Mindgard.ai, and the document was written by Christopher Cullen.

VU#650657: Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

A critical vulnerability, CVE-2025-14894, has been identified in Livewire Filemanager for Laravel applications. This tool allows users to upload and manage various files, including PHP files. The vulnerability arises because Livewire Filemanager does not adequately validate file types or MIME types, permitting the upload of malicious PHP files. These uploaded PHP files can then be accessed and executed by visiting a specific web-accessible directory within the Laravel application. This allows an unauthenticated attacker to achieve remote code execution on the host device. The exploitation relies on the attacker uploading a crafted PHP file and then forcing its execution. By default, files uploaded through Livewire Filemanager are accessible via the storage/app/public URL if the php artisan storage:link command has been run. Successful exploitation enables an attacker to execute arbitrary code as the web server user. This grants them full read and write access to files accessible by that user. The impact is significant, potentially leading to further system compromise. Currently, the vendor has not publicly acknowledged the vulnerability. Increased caution is advised when using Livewire Filemanager, particularly if the storage:link command has been executed.

VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro

Redmi Buds earbuds, from versions 3 Pro to 6 Pro, are vulnerable to security flaws. These vulnerabilities allow attackers within Bluetooth range to exploit the devices without pairing. One vulnerability, CVE-2025-13834, arises from improper bounds checking when handling RFCOMM commands. This flaw can lead to sensitive data exposure, like phone numbers, due to uninitialized memory being returned. A second vulnerability, CVE-2025-13328, is a DoS flaw that can be exploited by flooding RFCOMM channels. This flooding causes resource exhaustion, leading to firmware crashes and disconnection of paired devices. Both vulnerabilities require only the target's MAC address for exploitation. The Information Leak vulnerability is similar to the Heartbleed bug, exploiting a missing bounds check. The DoS vulnerability impacts the device's availability, forcing a reset. Attackers can trigger these attacks repeatedly without the user's knowledge. Xiaomi has not provided remediation plans or guidance. Users are advised to disable Bluetooth when the earbuds are not in use to reduce risk.

VU#361400: BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability

The BeeS Examination Tool portal, used by over 100 universities for test administration and academic tasks, was found to have an SQL injection vulnerability in its login functionality. This vulnerability allowed attackers to execute arbitrary SQL commands on the back-end database, potentially manipulating the database and extracting sensitive student data. The vulnerability was discovered in the login functionality of the portal and was tracked as CVE-2025-14598. It was caused by insufficient user input validation, which enabled arbitrary SQL injection. An attacker could exploit this vulnerability to steal student data, including credentials, and perform lateral movement to further compromise the host infrastructure. BeeS Software Solutions has since remediated the vulnerability by issuing a patch that enables input validation and changes various security settings. The patch was automatically installed and updated on all BET client instances, so no actions are necessary for customers at this time. The vulnerability could have allowed an unauthenticated, remote attacker to achieve unauthorized database access, credential theft, and system-level access to the affected server. Fortunately, the changes made by BeeS Software Solutions have successfully mitigated the vulnerability, as indicated by testing. The discovery and reporting of the vulnerability are attributed to Mohammed Afnaan Ahmed, and the document was written by Christopher Cullen.

VU#295169: TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

The TOTOLINK EX200 extender's outdated firmware has a critical vulnerability. This flaw stems from improper error handling within its firmware-upload process. Specifically, malformed firmware files can trigger an unexpected error state. This error state inadvertently activates an unauthenticated root telnet service. This service grants malicious actors complete control over the device. To exploit this, an attacker needs prior authenticated access to the web management interface. Once the vulnerability is triggered, the attacker gains full system access. The impact includes potential configuration changes and arbitrary command execution. TOTOLINK has not provided a patch as the product is no longer supported. Users are advised to limit access and monitor for suspicious behavior. This vulnerability, tracked as CVE-2025-65606, was identified and reported by Leandro Kogan and documented by Timur Snoke.

VU#420440: Vulnerable Python version used in Forcepoint One DLP Client

A vulnerability was discovered in the Forcepoint One DLP Client that allows an attacker to bypass the vendor-implemented Python restrictions and execute arbitrary code. The vulnerability is due to the ability to reconstruct the ctypes FFI environment and apply a version-header patch to the ctypes.pyd module. This enables the attacker to restore ctypes functionality within the bundled Python 2.5.4 runtime, allowing direct invocation of DLLs, memory manipulation, and execution of arbitrary code. The Forcepoint One DLP Client shipped with a constrained Python 2.5.4 runtime that omitted the ctypes foreign function interface library, which was intended to mitigate malicious use. However, it was demonstrated that the restriction could be bypassed by transferring compiled ctypes dependencies from another system and applying a version-header patch to the ctypes.pyd module. Forcepoint acknowledged the issue and indicated that a fix would be included in an upcoming release, with the vulnerable Python runtime removed from Forcepoint One Endpoint builds after version 23.11. The impact of the vulnerability is significant, as arbitrary code execution within the DLP client may allow an attacker to interfere with or bypass data loss prevention enforcement, alter client behavior, or disable security monitoring functions. The exploitation of this vulnerability may reduce the effectiveness of DLP protections and weaken overall system security. To address the issue, users should upgrade to Endpoint versions that have been validated to no longer contain python.exe, specifically versions after 23.11. The vulnerability was reported by Keith Lee, and the document was written by Timur Snoke, with the solution provided by Forcepoint to mitigate the risk associated with the vulnerability.

VU#382314: Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. The firmware indicates that DMA protection is active, but it fails to correctly initialize the IOMMU, allowing a malicious PCIe device with physical access to read or modify system memory before the operating system's defenses load. This exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware. Modern systems rely on UEFI firmware and the Input-Output Memory Management Unit to establish a secure foundation before the operating system loads. UEFI initializes hardware and enforces early security policies, while the IOMMU restricts peripheral devices from performing unauthorized memory accesses. A vulnerability discovered in certain UEFI implementations arises from a discrepancy between reported and actual DMA protection, allowing a malicious DMA-capable PCIe device to read or modify system memory before operating-system-level safeguards are established. Vendors whose products are affected have begun releasing firmware updates to correct the IOMMU initialization sequence and properly enforce DMA protections throughout boot. Users and administrators should apply these updates as soon as they become available to ensure their systems are not exposed to this class of pre-boot DMA attacks. The flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers, and prompt patching is especially important in environments where physical access cannot be fully controlled. By applying the latest firmware updates, users and administrators can restore proper DMA protections during early boot and reduce exposure to pre-boot DMA attacks.

VU#651499: Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

Vulnerabilities have been identified in Siemens Gridscale X Prepay, a scalable energy management solution, that allow unauthenticated username enumeration and account lock bypass. These issues may permit unauthorized access or prolonged access to protected resources, even after an account has been administratively locked. The vulnerabilities increase the risk of unauthorized actions, data exposure, or misuse of sensitive organizational resources. An attacker can determine the validity of usernames by a response code, allowing them to identify valid accounts before attempting further compromise. This exposure can facilitate targeted attacks and is particularly concerning when the attacker is a former employee or insider. An attacker can also bypass the intended account lock protection by replaying or modifying previously captured valid responses. The issue appears related to session tokens that remain valid after logout or after an administrative account lock. Siemens has released a new version of the Gridscale X Prepay and recommends installing the provided security update for version 4.2.1 and below. To mitigate the vulnerabilities, it is also recommended to protect network access with suitable controls such as firewalls, network segmentation, and VPNs, and to configure systems in accordance with Siemens' operational guidelines. The complete impact of this vulnerability is not yet known, and users are advised to follow the recommended security practices to ensure the secure operation of the Gridscale X Prepay system.

VU#821724: TOTOLINK X5000R (AX1800 router) lacks authentication for telnet

TOTOLINK AX1800 routers are vulnerable due to a lack of authentication in the telnet endpoint. This vulnerability, CVE-2025-13184, allows arbitrary command execution. An unauthenticated HTTP request can enable telnet access, leading to remote code execution. Attackers could gain root-level privileges, affecting configuration and file systems. This allows modification of DNS routing and interception of traffic on the local network. WAN access is also possible if the router management is externally reachable. Currently, there is no practical solution besides a firmware update. Mitigation involves restricting access to the web management interface and treating the router as untrusted. Blocking or monitoring unexpected telnet traffic on the device is also recommended. The CERT/CC documents this vulnerability and thanks the reporter.

VU#404544: Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification

PCIe IDE, a security feature in the PCIe 6.0 standard, aims to encrypt and protect data transmitted over PCIe links. Three vulnerabilities were discovered that could allow attackers to manipulate data on the protected links. These vulnerabilities, affecting data integrity, could lead to a receiver processing stale or corrupted data. An attacker with local access could exploit these issues by crafting specific PCIe traffic. The PCI-SIG issued an Engineering Change Notice to address these vulnerabilities in upcoming and current PCIe versions. The changes involve enhancing the IDE implementation to prevent data manipulation. Hardware and firmware updates are necessary to correct these issues and ensure compliance. System and component suppliers are expected to release these vital firmware updates. End-users need to apply these updates to secure their systems. These vulnerabilities have been properly disclosed and were addressed through cooperative efforts. Implementing these updates is crucial, particularly in systems where IDE protects crucial data.

VU#441887: Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read

Duc, an open-source disk management tool, has a buffer overflow vulnerability. This vulnerability, identified as CVE-2025-13654, allows for out-of-bounds memory reads. Attackers can exploit this by providing malformed input to the tool. Such exploitation can lead to application crashes or the disclosure of sensitive memory contents. The vulnerability resides in the buffer_get function within the buffer.c file. It is caused by unsigned subtraction in a length check, leading to an oversized memcpy operation. Enterprises using Duc for disk indexing may face crashes or data exposure. The vulnerability has been patched in version 1.4.6 of Duc. Users are strongly advised to update to this latest version. All versions prior to 1.4.6 are vulnerable.