9804 matches found
CVE-2026-55699
A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...
kernel: gfs2: Fix use-after-free in iomap inline data write path
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...
EUVD-2026-41801
A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...
MAL-2026-6728 Malicious code in dt-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0dd6dc392ad68861c938e7798773adf5359c835743e711a834d84221b481bdf The package's top-level public API dtvalidator.validate — colocated in all with legitimate helpers validateextension, validatesize, and...
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working...
CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...
CVE-2026-11781
The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
GHSA-223R-M7GH-JXWW vulnerabilities
Vulnerabilities for packages: chromium...
EUVD-2026-40988
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...
CVE-2026-53354 arm64: errata: Mitigate TLBI errata on various Arm CPUs
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...
EUVD-2026-40976
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 "arm64: mm: always call PTE/PMD ctor in createpgdmapping" page-table allocation on ARM64 always calls pagetablepte,pmd,pud,p4dctor. This sets...
CVE-2026-7840
CVE-2026-7840 (UltraVNC repeater) : A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...
CVE-2026-58447
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...
kernel: gfs2: Fix use-after-free in iomap inline data write path
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
PT-2026-54008
Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.25 Description Picklescan fails to detect unsafe global functions within the Numpy library, which allows attackers to bypass static analysis. This issue enables the execution of arbitrary code during...