227 matches found
CVE-2026-45976
CVE-2026-45976 affects the Linux kernel DRM/AMDGPU ras init path. The root cause is a memory leak: when amdgpu_nbio_ras_sw_init() fails inside amdgpu_ras_init(), the function returns without freeing the allocated con structure. The fix jumps to the release_con label to properly release the alloca...
Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con->sock. This issue results in a NULL pointer dereference when accessing con->sock->sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Added a terminator to gpiod_lookup_table. Without the terminator, if a con_id is passed to gpio_find, and this con_id does not exist in the lookup table, the function will not stop looping correctly. This could lead to a O...
Joy-Con Droid security vulnerability
Joy-Con Droid is an open-source application developed by TeamJCD that transforms Android devices into game controllers. Versions of Joy-Con Droid prior to 1.0.93 contained security vulnerabilities, which were caused by path traversal attacks. These vulnerabilities could lead to issues with the...
PT-2026-2107
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.1.5. Description: Werkzeug’s safe join function improperly handles path segments containing Windows device names with file extensions or trailing spaces. Windows device names, such as CON and AUX, are implicitly...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000410)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000410 advisory. A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Tenable has...
Improper Handling of Windows Device Names
Overview: Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safe_join function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name, e.g. CON or NUL. Note: This is only vulnerab...
EUVD-2014-7233
Malware in sbrugna...
EUVD-2021-24584
Malware in sbrugna...
PT-2025-40377
Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03. Description: A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected...
UBUNTU-CVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info. There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active i.e...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if a con->v1 union member is active, which could lead to invalid access...
MAL-2025-42984 Malicious code in @zalastax/nolb-_con (npm)
The package @zalastax/nolb-con was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2021-40540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests...
Metasploit Weekly Wrap-Up 08/15/2025
Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...
Linux Distros Unpatched Vulnerability : CVE-2020-25668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op...
The Booker Prize Longlist and Hacker Summer Camp
Welcome to this week's edition of the Threat Source newsletter. This week the Booker Prize Longlist was released and it featured several books I've read this year, a couple that are on my TBR (To Be Read), a couple that I had not heard of, and a couple that make me scratch my head and question why...
SUSE CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-49489
Improper Resource Shutdown or Release vulnerability in ASR FalconLinux, Kestrel, LapwingLinux on Linux conmgr components allows Resource Leak Exposure. This vulnerability is associated with program files conmgr/dialertask.C. This issue affects FalconLinux, Kestrel, LapwingLinux: before v1536...