10791 matches found
CVE-2026-26032
Summary of CVE-2026-26032 (Apache Ivy): The PackagerResolver can repack downloaded artifacts via an Ant script in a subdirectory of buildRoot. If any Ivy coordinates contain "../" sequences, an attacker who can access a packager repository can escape the buildRoot and overwrite other files. The i...
EUVD-2026-44763
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
SUSE SLES16 Security Update : rust-keylime (SUSE-SU-2026:22583-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22583-1 advisory. Update to version 0.2.9+49. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow...
MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...
June 9, 2026—KB5095051 (OS Build 28000.2269)
None None...
July 14, 2026—KB5099540 (OS Build 20348.5386)
None None...
July 14, 2026—KB5099536 (OS Build 26100.33158)
None None...
July 14, 2026—KB5099538 (OS Build 17763.9020)
None None...
July 14, 2026—KB5099535 (OS Build 14393.9339)
None None...
July 14, 2026—KB5099414 (OS Build 22631.7376)
None None...
July 14, 2026-KB5101014 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later
None None...
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle o...
EUVD-2026-43554
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-62239
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-62239 FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-62239
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
CVE-2026-62239
FlashAttention (up to 2.8.3.post1) contains a symlink attack in hopper/setup.py: download_and_copy() extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can plant a predictable symlink in the cache to redirect extracted binaries to a chosen lo...
CVE-2026-55773
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...
Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the bytes library, which is affected by an integer overflow vulnerability. CVE-2026-25541 Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 ...
OPENSUSE-SU-2026:21333-1 Security update for nasm
This update for nasm fixes the following issues - CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the objdirective function bsc1261986. - CVE-2026-6068: heap use after free vulnerability in response file processing bsc1261985. Changes for nasm: - Update to...