9040 matches found

Redos
added 2026/03/13 12:0 a.m., 3 views

ROS-20260313-73-0011

A vulnerability in the vmcitransportpacket function of the Linux operating system kernel is related to errors in variable initialization. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8, AI score 7.3, EPSS 0.00168
Exploits: 0
OSV
added 2026/03/12 5:16 p.m., 2 views

UBUNTU-CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

CVSS 7.8, AI score 6, EPSS 0.00177
Exploits: 1, References: 2
Debian CVE
added 2026/03/12 4:39 p.m., 3 views

CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

CVSS 7.8, AI score 5.5, EPSS 0.00177
Exploits: 1
EUVD
added 2026/03/12 2:4 p.m., 6 views

EUVD-2026-7413

ImageMagick: Heap overflow in pcd decoder leads to out of bounds read...

CVSS 9.1, AI score 5.8, EPSS 0.00404
Exploits: 0, References: 3
SUSE CVE
added 2026/03/12 10:0 a.m., 1 views

SUSE CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

CVSS 7.8, AI score 5.8, EPSS 0.00134
Exploits: 0, References: 3
OSV
added 2026/03/12 6:16 a.m., 3 views

UBUNTU-CVE-2026-3994

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...

CVSS 5.3, AI score 5.9, EPSS 0.00127
Exploits: 0, References: 2
Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-25036

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

CVSS 9.3, AI score 6.2, EPSS 0.00691
Exploits: 1, References: 5
Tenable Nessus
added 2026/03/12 12:0 a.m., 6 views

Oracle Linux 9 : gnutls (ELSA-2026-4188)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4188 advisory. - Fix PKCS11 token initialization label overflow CVE-2025-9820 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 5.3, AI score 6.5, EPSS 0.00638
Exploits: 1, References: 3
Oracle linux
added 2026/03/12 12:0 a.m., 8 views

gnutls security update

3.8.3-10fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 3.8.3-10 - Fix PKCS11 token initialization label overflow CVE-2025-9820 - Fix name constraint processing performance issue...

CVSS 5.3, AI score 5.8, EPSS 0.00638
Exploits: 1
EUVD
added 2026/03/11 9:31 p.m., 3 views

EUVD-2026-11351

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4, AI score 6, EPSS 0.0013
Exploits: 0, References: 2
NVD
added 2026/03/11 9:16 p.m., 2 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4, EPSS 0.0013
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/11 8:21 p.m., 3 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4, AI score 6, EPSS 0.0013
Exploits: 0, References: 2
CVE
added 2026/03/11 8:21 p.m., 16 views

CVE-2026-0940

CVE-2026-0940 concerns an improper initialization vulnerability in the BIOS of some ThinkPads. It could let a local privileged user modify data and execute arbitrary code. Affected software/hardware: ThinkPad BIOS firmware (on affected ThinkPad models). Root cause: improper initialization. Impact...

CVSS 8.4, AI score 6, EPSS 0.0013
Exploits: 0, References: 1
Cvelist
added 2026/03/11 8:21 p.m., 27 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4, EPSS 0.0013
Exploits: 0, References: 1
Vulnrichment
added 2026/03/11 8:21 p.m., 2 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4, AI score 6, EPSS 0.0013
Exploits: 0, References: 1
NVD
added 2026/03/11 5:16 p.m., 6 views

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...

CVSS 6.5, EPSS 0.00322
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/11 4:6 p.m., 5 views

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...

CVSS 6.5, AI score 5.8, EPSS 0.00322
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/03/11 12:0 a.m., 4 views

PT-2026-24830

CVE-2026-0940 A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitra… https://t.co/vBlwyEDw2P...

CVSS 8.4, AI score 5.8, EPSS 0.0013
Exploits: 0, References: 3
CNNVD
added 2026/03/11 12:0 a.m., 5 views

Lenovo ThinkPad Security Vulnerability

Lenovo ThinkPad is a portable computer by Lenovo Corporation. The Lenovo ThinkPad has a security vulnerability, which stems from improper initialization issues in the BIOS of certain ThinkPads. This vulnerability may allow local privileged users to modify data and execute arbitrary code...

CVSS 8.4, AI score 6, EPSS 0.0013
Exploits: 0, References: 1
Packet Storm
added 2026/03/11 12:0 a.m., 196 views

Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

CVSS 9.8, AI score 5.8, EPSS 0.22162
Exploits: 12