CVE-2026-2657

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wrencompiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

PT-2026-20475

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an alignment error in the virtnetinfo structure. This error may lead to memory access errors and...

ca.dataedu:savro_2.12 (>=0.9.1 <=0.12.1), ca.dataedu:savro_2.13 (>=0.9.1 <=0.12.1) +94 more potentially affected by CVE-2025-33042 via org.apache.avro:avro-compiler (>=1.10.0 <=1.11.4)

org.apache.avro:avro-compiler MAVEN version =1.10.0, =0.9.1, =0.9.1, =1.0.0, =1.0.0, =0.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.4.3, =3.4.4 - com.github.thake.avro4k:avro4k-maven-plugin =0.5.0 and more Source cves: CVE-2025-33042 Source advisory: OSV:GHSA-RP46-R563-JRC7...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during...

ca.dataedu:savro_2.12 (>=0.9.1 <=0.12.1), ca.dataedu:savro_2.13 (>=0.9.1 <=0.12.1) +94 more potentially affected by CVE-2025-33042 via org.apache.avro:avro-compiler (>=1.10.0 <=1.11.4)

org.apache.avro:avro-compiler MAVEN version =1.10.0, =0.9.1, =0.9.1, =1.0.0, =1.0.0, =0.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.4.3, =3.4.4 - com.github.thake.avro4k:avro4k-maven-plugin =0.5.0 and more Source cves: CVE-2025-33042 Source advisory: SNYK:JAVA-ORGAPACHEAVRO-15282783...

Verifiable Provenance of Software Artifacts with Zero-Knowledge Compilation

Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular technique, called reproducible builds, requires difficult...

[SECURITY] Fedora 42 Update: rust-sccache-0.12.0-3.fc42

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

[SECURITY] Fedora 43 Update: rust-sccache-0.13.0-3.fc43

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

Google Go Code Execution Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

ROS-20260203-73-0032

A vulnerability in the bpfjitcomp.c component of the Linux operating system kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Rust and Go Directed Fuzzing with LibAFL-DiFuzz

In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...

ROS-20260129-73-0054

A vulnerability in the JIT compiler of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

gcc-toolset-15-binutils security update

2.44-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130674...

CVE-2025-13952

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the...

CVE-2025-13952

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the...

CVE-2025-13952

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the...

CVE-2025-13952

CVE-2025-13952 involves the GPU shader compiler library: loading a web page containing unusual GPU shader code can trigger a write-use-after-free crash in the GPU shader compiler, via a path that retains a freed memory pointer. Affected component is the GPU shader compiler library; specific produ...

CVE-2025-13952 GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the...