webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

SUSE CVE-2026-8958

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

MAL-2026-4443 Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021651 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset...

Rsync 安全漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync prior to 3.4.3 contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the handling of daemon process files, where checks on...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021567)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021567 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC...

Unbreakable Enterprise kernel security update

5.4.17-2136.355.3.3 - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391459 CVE-2026-46333 5.4.17-2136.355.3.2 - scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount Maurizio Lombardi Orabug: 39368774 CVE-2026-23193 - scsi: target: iscsi: Fix use-after-free i...

dnsmasq: DHCPv6 CLID buffer overflow in helper process

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers CLIDs, the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the overlay process. An attacker can cause a crash or potentially access sensitive memory contents by providing a crafted HEIF file that triggers incorrect indexing into the alpha buffer during image compositing...

Malicious code in clsx-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23e4e85f63d161234d84c774fdff696827934a27282be2ce9ff362a756246ee6 On npm install, dist/postinstall.js base64-decodes the URL https://api.npoint.io/984b75c022a70cf00c39, fetches JSON from this anonymous mutable...