CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

Astra Linux - уязвимость в ntfs-3g

The file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...

Linux Distros Unpatched Vulnerability : CVE-2026-34159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor'...

Absolute Secure Access 缓冲区错误漏洞

Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.50 contained a buffer error vulnerability. This vulnerability could lead to...

MyPortIO-Exploit

MyPortIO-Exploit Local privilege escalation via arbitrary phy...

CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

CVE-2026-34159

The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...

PT-2026-29570

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b8492 Description A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...

CVE-2026-3437

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

Portwell Engineering Toolkits 缓冲区错误漏洞

Portwell Engineering Toolkits is a software development and management toolkit developed by Portwell Company in Singapore. Version 4.8.2 of Portwell Engineering Toolkits contains a buffer error vulnerability. This vulnerability stems from improper restrictions on memory buffer operations, which m...

KLA90899 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in Media can be exploited to cause denial of service. 2. Out of bounds memory...

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

MiracleLinux 9 : dpdk-21.11.2-1.el9 (AXSA:2023-5000:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5000:03 advisory. dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001340 advisory. An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still...

MiracleLinux 7 : httpd-2.4.6-99.1.0.8.el7.AXS7 (AXSA:2025-10561:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10561:05 advisory. CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow CVE-2006-20001: moddav: out-of-bounds read/write CVEs: CVE-2020-35452 Apache HTT...

PT-2026-1082

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A use of externally-controlled format string vulnerability...

CVE-2025-14303

MSI MSI motherboards (Intel 600/700 series chipsets) are affected by CVE-2025-14303, a protection mechanism failure where IOMMU is not correctly initialized during early boot. This allows a DMA-capable PCIe device with physical access to read or modify arbitrary memory before the OS kernel and se...

ASRock Motherboards 安全漏洞

ASRock Motherboards is a series of motherboards from ASRock Taiwan, China. A security vulnerability exists in ASRock Motherboards, which stems from IOMMU not being properly enabled, which could allow an unauthenticated physical attacker to read or write arbitrary physical memory before the...