RLSA-2026:22141 Moderate: go-fdo-client and go-fdo-server security update

This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location...

EUVD-2026-23630

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 JumpToUser accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute...

CVE-2025-15061

CVE-2025-15061 affects Framelink Figma MCP Server. The flaw is in the fetchWithRetry method, where a user-supplied string is not properly validated before being used in a system call, enabling remote command execution with the service account’s privileges. Attack requires network access and no au...

CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2020-17406

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...

EUVD-2020-7417

Malware in sbrugna...

EUVD-2020-7597

Malware in sbrugna...

EUVD-2007-4287

Malware in sbrugna...

EUVD-2004-0135

Malware in sbrugna...

EUVD-2020-7602

Malware in sbrugna...

EUVD-2020-7425

Malware in sbrugna...

EUVD-2022-49985

Malicious code in bioql PyPI...

EUVD-2023-36421

Malicious code in bioql PyPI...

EUVD-2023-57685

Malicious code in bioql PyPI...

EUVD-2022-46650

Malicious code in bioql PyPI...

CVE-2025-8650

Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...

(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of...

CVE-2020-15610

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the modulo parameter, the process does...

CVE-2020-15424

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the domain parameter, the process...

CVE-2020-11284

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructur...