
1812 matches found

Cvelist
added 2026/05/28 3:11 p.m., 26 views

CVE-2026-48525 PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3 CVSS, 0.00054 EPSS
Exploits: 1, References: 1
OSV
added 2026/05/25 10:36 a.m., 6 views

MAL-2026-4616 Malicious code in muaddib-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/05/22 7:52 p.m., 5 views

MAL-2026-4639 Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

5.9 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/21 12:00 a.m., 4 views

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021664 advisory. MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). Tenable has extracted the...

5.5 CVSS, 6.8 AI score, 0.00041 EPSS
Exploits: 1, References: 4
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: clk: Get runtime PM before walking the tree during disable_unused. Doug reported [1] the following hung task: INFO: task swapper/0:1 was blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 1 “echo 0...

5.5 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the issue of adding a block group to the reclaim list and to the unused list during reclaiming. There is a potential parallel processing for retry operations in btrfs_reclaim_bgs_work, as well as adding elements to t...

5.5 CVSS, 6.6 AI score, 0.00014 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/20 12:00 a.m., 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021628 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one syzbot reported kernel-infoleak in...

5.5 CVSS, 6.8 AI score, 0.00021 EPSS
Exploits: 0, References: 3
OSV
added 2026/05/19 7:25 p.m., 5 views

MAL-2026-4701 Malicious code in venturo-playwright-runner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...

5.8 AI score
Exploits: 0, References: 4
OSV
added 2026/05/19 4:23 p.m., 0 views

MINI-H5CJ-3V23-H75Q

Bulletin has no description...

7.2 CVSS, 5.7 AI score
Exploits: 0
ATTACKERKB
added 2026/05/19 1:45 p.m., 5 views

CVE-2026-44159

Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 3
OSV
added 2026/05/14 7:20 p.m., 2 views

CLSA-2026-1778493573 samba: Fix of CVE-2017-15275

CVE-2017-15275: Fix server heap memory information leak by zeroing unused area when message_push_string grows the talloc buffer...

7.5 CVSS, 6.8 AI score, 0.4327 EPSS
Exploits: 0, References: 1
OSV
added 2026/05/07 5:50 p.m., 2 views

CLSA-2026-1778176200 samba: Fix of CVE-2017-15275

CVE-2017-15275: Fix server heap memory information leak by zeroing unused area when message_push_string grows the talloc buffer...

7.5 CVSS, 6.8 AI score, 0.4327 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and a crash happened on dereferencing it in mv88e6060_setup_port: 9.575872 Unable to handle kernel NULL...

5.5 CVSS, 6.1 AI score, 0.00063 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 11 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page tables, vm update fences are unused. Install stub fence into these fence pointers instead of NULL to avoid NULL dereference when...

5.5 CVSS, 6.6 AI score, 0.00022 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed the infinite loop in exfat_readdir If the file system is corrupted in such a way that a cluster links itself to another cluster in the cluster chain, and there is an unused directory entry in the cluster, the variable...

5.5 CVSS, 6.2 AI score, 0.00013 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/01 2:14 p.m., 25 views

CVE-2026-31739 crypto: tegra - Add missing CRYPTO_ALG_ASYNC

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This...

8.8 CVSS, 0.00056 EPSS
Exploits: 0, References: 4
EUVD
added 2026/05/01 2:14 p.m., 2 views

EUVD-2026-26552

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This...

5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 4
OSV
added 2026/04/25 5:48 a.m., 2 views

OESA-2026-2035 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

7.5 CVSS, 5.4 AI score, 0.0008 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/04/24 2:44 p.m., 25 views

CVE-2026-31640 rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

7.5 CVSS, 0.00054 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/24 12:00 a.m., 1 views

PT-2026-34992

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

5.5 AI score, 0.00054 EPSS
Exploits: 0, References: 4