476 matches found
SUSE CVE-2026-31748
In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...
CVE-2026-43263
The CVE-2026-43263 entry concerns the Linux kernel chips-media wave5 driver. The vulnerability arises when multiple driver instances are created and destroyed, causing many interrupts and removal of decoder structures. The shared vpu_instance structure is not protected by a lock, allowing a poten...
ciguard: discover_pipeline_files follows symlinks out of scan root
Summary The discoverpipelinefiles function in src/ciguard/discovery.py introduced in v0.8.0 and used by the MCP scanrepo tool shipped in v0.8.1 walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory...
GHSA-JRM4-4PCF-4763 ciguard: Container image runs as root (no USER directive)
Summary The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...
PT-2026-36924
ITEMS ADDED: Filters Add filter for Atmos PM-5173 Filters Add filter for audio layout PM-5118 Filters Add filters for video, audio, and subtitle codecs PM-5117 Metadata Add support for RottenTomatoes audience and average ratings to Nfo parser PM-5176 Metadata Detect Dolby Atmos PM-4004 Metadata...
EUVD-2026-26561
In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...
CVE-2026-31747 comedi: me4000: Fix potential overrun of firmware buffer
In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...
PT-2026-36383
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overrun can occur in the me2600 xilinx download function when loading firmware requested by request firmware. The function reads a data stream length into the file length variab...
firefox security update
140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.10.0-1 - Update to 140.10.0 ESR...
Metasploit Wrap-Up 04/25/2026
Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target as “vulnerable”...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011023)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011023 advisory. In the Linux kernel, the following vulnerability has been resolved: cassini: Fix a memory leak in the error handling path of casinitone cassaturnfirmwareinit allocat...
CVE-2026-33805
CVE-2026-33805 affects @fastify/reply-from <= v12.6.1 and @fastify/http-proxy
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260402T184258 2026-04-02T18:42:58Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2026-4518 CVE-2026-32286 GHSA-jqcq-xjh3-6g23 GO-2026-4753 CVE-2026-33487 GHSA-479m-364c-43vc...
CVE-2024-40849
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox...
CVE-2024-44219
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information...
CVE-2024-44219
CVE-2024-44219 affects macOS Sequoia (15.1) where a permissions issue could allow a malicious application with root privileges to access private information. Public documents confirm the flaw and its fix in Sequoia 15.1; remediation is to upgrade to macOS 15.1 or later. The exact root cause is de...
CVE-2026-33903
Ella Core (private 5G core) is affected by CVE-2026-33903. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message, allowing an attacker to crash the process and cause service disruption for all connected subscribers. The fix is included in version 1.7.0, whi...
MAL-2026-2249 Malicious code in chai-as-added (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 121a09e21b10c98f705a02343e235a9800c57b33a81abf364a47c3af69b6ceb4 The package chai-as-added was found to contain malicious code. Source: ghsa-malware 8d5056d792b6ced90bb9fe5c9ebd1726cc6bd61554739bb67c933cf4f7f50840...
Malicious code in chai-as-added (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 121a09e21b10c98f705a02343e235a9800c57b33a81abf364a47c3af69b6ceb4 The package chai-as-added was found to contain malicious code. Source: ghsa-malware 8d5056d792b6ced90bb9fe5c9ebd1726cc6bd61554739bb67c933cf4f7f50840...