2100 matches found
CVE-2026-59196
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...
CVE-2026-59196
pnpm is vulnerable prior to versions 10.34.4 and 11.7.0 due to a crafted lockfile alias that can be joined under a hoisted node_modules directory, enabling traversal aliases to escape the directory and reserved aliases like .bin or .pnpm to overwrite pnpm-owned layout. The fixed versions are 10.3...
SUSE CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
PT-2026-55313
Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...
Linux Distros Unpatched Vulnerability : CVE-2026-53338
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by...
CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
UBUNTU-CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
CVE-2026-53338
CVE-2026-53338 concerns the Linux kernel where airoha_qdma_init_hfwd_queues() dereferences the return of of_reserved_mem_lookup() without ensuring it is non-NULL. The issue occurs when the reserved memory region referenced by the memory-region phandle is missing from the reserved-memory table, po...
CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
EUVD-2026-40972
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
CVE-2026-53338 net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
CVE-2026-53288
A flaw was found in the Linux kernel, affecting systems running on the arm64 architecture. This vulnerability occurs during the early kernel mapping process, where an insufficient number of pages are reserved for kernel segments. This can lead to an overflow of data into adjacent memory pages,...
GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules
Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...
DEBIAN-CVE-2026-53304
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...
CVE-2026-53304
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...
EUVD-2026-39839
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...
PT-2026-52943
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A soft lockup occurs when opening /dev/sgX due to improper validation of the def reserved size module parameter. While the sg proc write dressz function enforces a size limit between 0 a...
CVE-2026-55699
CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...
CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...