252142 matches found
PT-2026-43856
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the testdrv probe function. The function retrieves the device node from the PCI device,...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the raw...
CVE-2026-46020
mm/damon/core: validate damosquotagoal-nid for nodememused,freebp...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the qtrr server does not limit the number of nodes. This could allow malicious...
PT-2026-43870
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The nameserver in the Qualcomm Router qrtr network subsystem does not limit the number of nodes it handles. A malicious clie...
PT-2026-43905
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak occurs in the QualComm Rapid Transport QRTR nameserver. When a node sends a BYE packet indicating it is going...
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...
GHSA-P69W-MMFV-XRFJ FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...
Malicious Package
Overview mouse5212-super-formatter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-4826 Malicious code in wm-mapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 380f281f71ec04bc9867a9b12d46852936494de6d2be3df55b1422bde2f5f01d [email protected] is an empty stub index.js is 35 bytes exporting , no description, no author published at an artificially high version 99.9.1...
Malicious code in wm-mapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 380f281f71ec04bc9867a9b12d46852936494de6d2be3df55b1422bde2f5f01d [email protected] is an empty stub index.js is 35 bytes exporting , no description, no author published at an artificially high version 99.9.1...
CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
EUVD-2026-31940
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
CVE-2026-41164
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
CVE-2026-41164
The CVE concerns nuts-node, the reference implementation of the Nuts spec. Prior to versions 6.2.3 (and 5.4.31 for the 5.x branch), the v1 access token introspection endpoint (/auth/v1/introspect_access_token) validates only standard JWTs, and does not enforce Nuts-specific checks such as JWT typ...
Malicious code in chainix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...
Security update for kubevirt
This update for kubevirt fixes the following issue: CVE-2026-7374: Fixed privilege escalation and node compromise via symlink following vulnerability bsc1265467 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:2077-1 Security update for kubevirt
This update for kubevirt fixes the following issue: CVE-2026-7374: Fixed privilege escalation and node compromise via symlink following vulnerability bsc1265467...
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...