11740 matches found

OSV
added 2026/01/26 2:47 p.m. | 5 views

BIT-NODE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 2
SUSE Linux
added 2026/01/26 11:37 a.m. | 3 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. The following security issues were fixed: CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). CVE-2025-39890:...

CVSS 8.7 | AI score 7.1 | EPSS 0.00208
Exploits: 0 | References: 1434
CNNVD
added 2026/01/26 12:0 a.m. | 4 views

vm2 security vulnerabilities

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.2 have security vulnerabilities; these vulnerabilities stem from Promise callback cleanup mechanisms...

CVSS 10 | AI score 7.8 | EPSS 0.00054
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/26 12:0 a.m. | 3 views

PT-2026-4835

Name of the Vulnerable Software and Affected Versions: D-Link DIR-615 versions up to 4.10. Description: A flaw exists in the Web Management Interface component of D-Link DIR-615. Specifically, a manipulation of the ipaddr argument in the /wiz policy 3 machine.php file can lead to os command injectio...

CVSS 8.6 | AI score 7 | EPSS 0.00561
Exploits: 1 | References: 11
Positive Technologies
added 2026/01/26 12:0 a.m. | 2 views

PT-2026-4821

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.10.2. Description: vm2 is a Node.js library used to create sandboxed environments for executing untrusted code. A flaw exists in versions prior to 3.10.2 where the sanitization of Promise.prototype.then and...

CVSS 10 | AI score 9 | EPSS 0.00054
Exploits: 1 | References: 57
Packet Storm News
added 2026/01/26 12:0 a.m. | 2 views

Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift

The rapid expansion of the Internet of Things (IoT) in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and...

AI score 5.9
Exploits: 0
Positive Technologies
added 2026/01/26 12:0 a.m. | 1 views

PT-2026-4806

Name of the Vulnerable Software and Affected Versions: kubevirt, affected versions not specified. Description: A flaw exists in kubevirt where a user inside a virtual machine (VM), with an active guest agent, can trigger a denial of service. By reporting an excessive number of network interfaces, the...

CVSS 6.4 | AI score 5.2 | EPSS 0.00029
Exploits: 0 | References: 10
ATTACKERKB
added 2026/01/23 2:25 p.m. | 2 views

CVE-2025-71155

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again. A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

AI score 5.2 | EPSS 0.00029
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/01/22 12:26 p.m. | 0 views

SUSE-SU-2026:0238-1 Security update for dpdk

This update for dpdk fixes the following issues: Update to version 24.11.4: - CVE-2025-23259: Fixed an attacker on a VM in the system can cause information disclosure and denial of service (bsc#1254161). Changelog: https://doc.dpdk.org/guides-24.11/relnotes/release2411.htmlid10...

CVSS 6.5 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 3
OSV
added 2026/01/22 12:8 p.m. | 1 views

SUSE-SU-2026:0213-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680)...

CVSS 7.8 | AI score 7.1 | EPSS 0.0004
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37936)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37936 advisory. - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE...

CVSS 5.5 | AI score 5.3 | EPSS 0.0009
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-23161)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23161 advisory. - In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21839)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21839 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only...

CVSS 5.5 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 2
OSV
added 2026/01/21 11:26 p.m. | 1 views

CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

CVSS 5.2 | AI score 6 | EPSS 0.00032
Exploits: 1 | References: 3
OSV
added 2026/01/21 12:0 p.m. | 2 views

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

AI score 5.8
Exploits: 0 | References: 2
EUVD
added 2026/01/21 12:31 a.m. | 4 views

EUVD-2026-3537

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVSS 4.5 | AI score 5.4 | EPSS 0.00054
Exploits: 0 | References: 2
NVD
added 2026/01/20 10:16 p.m. | 4 views

CVE-2026-21975

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVSS 4.5 | EPSS 0.00054
Exploits: 0 | References: 1
AlpineLinux
added 2026/01/20 8:41 p.m. | 4 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 7.3 | EPSS 0.00039
Exploits: 0
CVE
added 2026/01/20 8:41 p.m. | 9 views

CVE-2025-55131

CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1
RedHat Linux
added 2026/01/20 2:46 p.m. | 1 views

open-vm-tools: Insecure file handling

A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM...

CVSS 6.1 | AI score 5.7 | EPSS 0.00326
Exploits: 0 | References: 5