
21931 matches found

Vulnrichment
added 2026/05/08 12:0 a.m., 4 views

CVE-2024-53326

LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache, leading to code execution...

7.3 AI score, 0.03466 EPSS
Exploits 5, References 2
OSV
added 2026/05/07 9:23 p.m., 2 views

GHSA-PJ6Q-4VQ4-R8CG Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the fav_count counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

6.5 CVSS, 5.8 AI score
Exploits 0, References 3
Github Security Blog
added 2026/05/07 9:23 p.m., 10 views

Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the fav_count counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

5.8 AI score
Exploits 0, References 3, Affected Software 1
RedHat Linux
added 2026/05/07 7:41 p.m., 5 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8 CVSS, 6.6 AI score, 0.00225 EPSS
Exploits 0, References 5
GithubExploit
added 2026/05/07 6:18 p.m., 48 views

dirtyfrag

Dirty Frag: Universal Linux LPE Abstract !tuxasse...

7.8 CVSS, 6.1 AI score, 0.40266 EPSS
Exploits 31
RedHat Linux
added 2026/05/07 6:0 p.m., 14 views

Important: Red Hat Security Advisory: Satellite 6.16.8 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS, 7.2 AI score, 0.00385 EPSS
Exploits 3, References 14
RedHat Linux
added 2026/05/07 5:26 p.m., 6 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8 CVSS, 6.6 AI score, 0.00225 EPSS
Exploits 0, References 5
OSV
added 2026/05/07 4:48 p.m., 0 views

GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

9.3 CVSS, 5.8 AI score
Exploits 0, References 4
GithubExploit
added 2026/05/07 4:31 p.m., 74 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 "Copy Fail" — Technical Deep Dive Severity:...

7.8 CVSS, 6.4 AI score, 0.02194 EPSS
Exploits 226
GithubExploit
added 2026/05/07 3:25 p.m., 110 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail 2 — Electric Boogaloo Unprivileged local privilege...

7.8 CVSS, 6 AI score, 0.02194 EPSS
Exploits 226
IBM Security Bulletins
added 2026/05/07 2:0 p.m., 5 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205

Summary IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface (WSGI) web...

4.3 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, Affected Software 1
Microsoft CVE
added 2026/05/07 2:0 p.m., 5 views

Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

3.1 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0
Veracode
added 2026/05/07 9:32 a.m., 6 views

Insecure Deserialization

pdfminer.six vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...

6.5 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits 0, References 2, Affected Software 1
Hacker One
added 2026/05/07 7:48 a.m., 7 views

curl: Shared HSTS cache accessed without lock

This is finding F5 in Andrew's report https://github.com/curl/curl/blob/455bebc2c7/lib/hsts.cL160-L168 https://github.com/curl/curl/blob/455bebc2c7/lib/http.cL3571 https://github.com/curl/curl/blob/455bebc2c7/lib/url.cL1441 https://github.com/curl/curl/blob/455bebc2c7/lib/url.cL265...

5.9 CVSS, 7.5 AI score, 0.00071 EPSS
Exploits 1
GithubExploit
added 2026/05/07 7:4 a.m., 60 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Vulnerability Overview | Item | Content...

7.8 CVSS, 7.2 AI score, 0.02194 EPSS
Exploits 226
GithubExploit
added 2026/05/07 4:59 a.m., 46 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy-fail-CVE-2026-31431-Exploit-in-C Discovery and original d...

7.8 CVSS, 6.2 AI score, 0.02194 EPSS
Exploits 226
GithubExploit
added 2026/05/07 2:58 a.m., 51 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Live Code Corruption via Page Cache A novel...

7.8 CVSS, 6 AI score, 0.02194 EPSS
Exploits 226
OSV
added 2026/05/07 2:57 a.m., 1 views

GHSA-258C-965C-P3HC Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change

Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...

6.5 CVSS, 5.9 AI score
Exploits 0, References 2
OSV
added 2026/05/07 2:38 a.m., 3 views

GHSA-M38G-VWW2-MVGX Talos Linux has a local privilege escalation from untrusted workloads

Summary A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AF_ALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...

7.5 CVSS, 6.6 AI score, 0.02194 EPSS
Exploits 226, References 6
Snyk
added 2026/05/07 12:12 a.m., 6 views

Null Byte Interaction Error (Poison Null Byte)

Overview Affected versions of this package are vulnerable to Null Byte Interaction Error (Poison Null Byte) due to inadequate validation of domain name labels and lengths in the encodeDomainName and decodeDomainName components. An attacker can cause DNS cache poisoning, bypass domain validation, or...

9.1 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits 1, References 2