9293 matches found
SUSE CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
EUVD-2026-32965
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...
CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
UBUNTU-CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152
CVE-2026-46152 affects the Linux kernel’s wifi/mac80211 subsystem. The root cause is that ieee80211_invoke_fast_rx() uses a static per-invocation rx_result, causing concurrent callers to share a single instance and potentially overwrite results between ieee80211_rx_mesh_data() and the switch on r...
EUVD-2026-32779
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
Fedora 45 : dolphin-emu (2026-4a6b728056)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4a6b728056 advisory. Automatic update for dolphin-emu-2503a-16.fc45. Changelog Wed May 27 2026 Jeremy Newton - 2503a-16 - Fix RHBZ2454084 Tenable has extracted the preceding...
Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
CVE-2026-45881
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svsenabledebugwrite In svsenabledebugwrite, the buf allocated by memdupusernul is leaked if kstrtoint fails. Fix this by using freekfree to automatically free buf, eliminating the need for...
UBUNTU-CVE-2026-45925
In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...
EUVD-2026-32411
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...
CVE-2026-46030 EDAC/versalnet: Fix device_node leak in mc_probe()
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...
CVE-2026-8994
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
-GodSearch
GodSearch v20.0 — THE SOVEREIGN 💀 Universal Exploit Sear...
MAL-2026-4368 Malicious code in @beyondbday/vibe-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9859c1af428f41ba7f7eb2a1db744705f5644ff2422629d94e3de1ecb59c9405 On every launch of the vibe CLI, dist/vibe.js queries the npm registry for the latest version of @beyondbday/vibe-terminal and, if newer than the...
Malicious code in @beyondbday/vibe-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9859c1af428f41ba7f7eb2a1db744705f5644ff2422629d94e3de1ecb59c9405 On every launch of the vibe CLI, dist/vibe.js queries the npm registry for the latest version of @beyondbday/vibe-terminal and, if newer than the...
Malicious code in aes-decode-runner-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84e76208311859e852fea114c26e1eff1202eeff9a463707c5ae0deec68725c aes-decode-runner-pro ships an opaque 326-byte AES-GCM ciphertext DEFAULTFINALENCODEDTEXT in src/config/defaults.js along with a hardcoded passphrase...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...