GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Details The vulnerability essentially boils down t...

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

EUVD-2026-31413

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-5072

CVE-2026-5072 affects Zephyr’s PTP subsystem. A remote attacker can send a crafted PTP_MSG_MANAGEMENT to set an unvalidated negative log_announce_interval in a port’s data set. When a subsequent PTP_MSG_ANNOUNCE is processed, port_timer_set_timeout_random computes timeout as NSEC_PER_SEC >>...

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, caused by a bit offset issue. A remote attacker can set an unvalidated negative value of logannounceinterval by sending a specially crafted PTPMSGMANAGEMENT message...

PT-2026-42731

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP MSG MANAGEMENT message to set an unvalidated negative log announce interval value in the port's data set. When a subsequent PT...

ANT-2026-P2DWB2SK · mastodon · Signature-bypass

signature-bypass high GHSA-chgx-jx3p-rf73 Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-P2DWB2SK: LD-Signature bypass via...

CVE-2023-25716

Auth admin+ Stored Cross-Site Scripting XSS vulnerability in gqevu6bsiz Announce from the Dashboard plugin = 1.5.1 versions...

@bpa-solutions/assistant (>=13.5.0 <=13.5.0-dev), @mazaal-dev/piece-markdown-to-pdf (=0.0.2) +1 more potentially affected by CVE-2025-65108 via md-to-pdf (>=5.0.1 <=5.2.4)

md-to-pdf NPM version =5.0.1, =13.5.0, =0.11.1, =0.11.2 Source cves: CVE-2025-65108 Source advisory: SNYK:JS-MDTOPDF-14089788...

EUVD-2005-0566

Malware in sbrugna...

EUVD-2025-25097

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like:...

CVE-2025-38551

A flaw was found in the Linux kernel’s virtio-net driver, where a recursive rtnllock could be triggered during device probing. The deadlock occurs when a VIRTIONETSANNOUNCE request is received from the VMM while the driver is still in the probe stage. In this scenario, the configwork scheduled by...

SUSE CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...

DEBIAN-CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...

CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...

UBUNTU-CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...

CVE-2025-38551 virtio-net: fix recursived rtnl_lock() during probe()

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...

CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnllock during probe The deadlock appears in a stack trace like: virtnetprobe rtnllock virtioconfigchangedwork netdevnotifypeers rtnllock It happens if the VMM sends a VIRTIONETSANNOUNCE request while...