OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix an off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at...

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

SUSE CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

CVE-2026-31614

A flaw was found in the Linux kernel's Server Message Block SMB client. An untrusted server can exploit an out-of-bounds read vulnerability within the checkwsleas function. This flaw allows the server to read up to 8 bytes beyond the intended memory boundary, leading to information disclosure. Th...

CVE-2026-31613

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

EUVD-2026-25507

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

PT-2026-34966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB client within the check wsl eas function. A bounds check incorrectly uses the base pointer of the extended attribute EA instead of the ea data field, which is...

CVE-2026-33600

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

TP-LINK Tapo 安全漏洞

TP-LINK Tapo is a series of secure Wi-Fi cameras produced by TP-LINK Corporation. TP-LINK Tapo has a security vulnerability, which stems from issues with the certificate verification logic. This vulnerability may allow applications to accept identities of servers that are untrusted or not properl...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

MAL-2025-48690 Malicious code in hyatt-avatar (npm)

Package collects system info and sends to untrusted server, plus suspicious install scripts indicate malicious behavior. The package communicates with a domain associated with malicious activity...

EUVD-2025-20823

Malicious code in bioql PyPI...

EUVD-2023-58315

Malicious code in bioql PyPI...

CVE-2025-61591

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...

CVE-2025-61591 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...

CVE-2025-61591

Cursor is an AI-enabled code editor. CVE-2025-61591 affects Cursor versions 1.7 and below, where OAuth authentication with an untrusted MCP server allows an attacker to impersonate the MCP server and inject crafted commands during the interaction, leading to command injection and potential remote...

CVE-2025-61591 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...

CVE-2025-61591 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...