Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

CVE-2023-31364

CVE-2023-31364 involves improper handling of direct memory writes in the IOMMU. A malicious guest VM could flood the host with writes, potentially triggering a fatal machine check error (MCE) and denial of service. Connected details indicate an AMD-specific risk vector where guest VMs may flood t...

CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

EUVD-2023-35675

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

curl: Curl Telnet Handler Buffer Overflow

Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURLSBACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+...

CVE-2026-27597

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

PT-2026-22189

Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description A flaw exists due to improper handling of direct memory writes in the input-output memory management unit. A malicious guest virtual machine VM could potentially overwhelm the host with writ...

DRUPAL-CONTRIB-2026-012

This module allows site builders to create so-called "theme\rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses simple GET request to disable or enable theme rules, which allows attackers to disable or...

@enclave-vm/broker (>=2.10.0 <=2.10.1), @enclave-vm/core (>=2.10.0 <=2.10.1) +1 more potentially affected by CVE-2026-27597 via @enclave-vm/ast (>=2.10.0 <=2.10.1)

@enclave-vm/ast NPM version =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.1 Source cves: CVE-2026-27597 Source advisory: SNYK:JS-ENCLAVEVMAST-15366962...

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

This module allows site builders to create so-called "themerule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses simple GET request to disable or enable theme rules, which allows attackers to disable or enab...

PT-2026-22083

Name of the Vulnerable Software and Affected Versions Drupal Theme Negotiation by Rules versions prior to 1.2.1 Description A Cross-Site Request Forgery CSRF issue exists in the Theme Negotiation by Rules module. The module allows site builders to create “theme rule” config entities to render pag...

ai-security-toolkit

...

AMD Guest Initiated Machine Check Errors - Lenovo Support US

No description provided...

MAL-2026-1020 Malicious code in @ai-studio-web/app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a29e5e23697b695bdd456d100ba49a1ef5c6f4450b46672dedcd164a073e8eb The package @ai-studio-web/app was found to contain malicious code. Source: ghsa-malware...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a...

CVE-2026-2664

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

CVE-2026-2664

Summary: CVE-2026-2664 is an out-of-bounds read in the grpcfuse kernel module used by Docker Desktop’s Linux VM on Windows, Linux, and macOS. Affected: Docker Desktop versions up to 4.61.0. Attack vector: local attacker could exploit by writing to /proc/docker entries, with impact described as un...