322 matches found
PT-2026-26677
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.17 Description libde265 is an open source implementation of the h.265 video codec. A malformed H.265 PPS NAL unit can cause a segmentation fault in the pic parameter set::set derived values function...
Malicious code in f0-abstraction-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c The package f0-abstraction-resolver was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1347 Malicious code in f0-abstraction-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c The package f0-abstraction-resolver was found to contain malicious code. Source: ossf-package-analysis...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005619 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtasosterm It's unsafe to use rtasbusydelay to handle a busy...
2m (=1.2.5), a-api-server (=1.3.0) +3876 more potentially affected by CVE-2026-27205 via flask (>=0.10.1 <=3.1.2)
flask PYPI version =0.10.1, =0.1.0, =0.10.0, =1.0.2, =1.0.0, =1.0.5, =1.8.8, =1.0.2, =0.3.1, =0.3.7.dev2 and more Source cves: CVE-2026-27205 Source advisory: OSV:GHSA-68RP-WP8R-4726...
CVE-2025-22873
A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able t...
KRONE: Hierarchical and Modular Log Anomaly Detection
Log anomaly detection is crucial for uncovering system failures and security risks. Although logs originate from nested component executions with clear boundaries, this structure is lost when they are stored as flat sequences. As a result, state-of-the-art methods risk missing true dependencies...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the dirFS filesystem abstraction. An attacker can perform unauthorized filesystem writes outside the intended base directory by supplying a crafted APK package containing malicious directory or symlink entrie...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the dirFS filesystem abstraction. An attacker can perform unauthorized filesystem writes outside the intended base directory by supplying a crafted APK package containing malicious directory or symlink entrie...
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2022-33275
Memory corruption due to improper validation of array index in WLAN HAL when received lmitemNum is out of range...
CVE-2022-50870
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtasosterm rtasosterm is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...
PT-2025-53988
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s powerpc/rtas component where the rtas os term function, called during kernel panic, could potentially hang the system if devtree lock is held. This...
Energy-Efficient Multi-LLM Reasoning for Binary-Free Zero-Day Detection in IoT Firmware
Securing Internet of Things IoT firmware remains difficult due to proprietary binaries, stripped symbols, heterogeneous architectures, and limited access to executable code. Existing analysis methods, such as static analysis, symbolic execution, and fuzzing, depend on binary visibility and...
[SECURITY] Fedora 43 Update: kf6-knotifications-6.20.0-2.fc43
KDE Frameworks 6 Tier 3 solution with abstraction for system notifications...
A Bootiful Podcast: The legendary Bruce Eckel on language design, effects, abstraction, concurrency, and so much more
Hi, Spring fans! In this installment, I sit down with the legendary Bruce Eckel, who has probably forgotten more about programming languages than I will ever know, and whose book Thinking in Java helped launch me into a career...
[SECURITY] Fedora 41 Update: rust-astral-tokio-tar-0.5.6-1.fc41
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
EUVD-2022-55650
In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...