PT-2026-45484

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. T...

Batch Me If You Can: Coverage-Guided RPKI Fuzzing at Scale

The Resource Public Key Infrastructure RPKI has become essential to secure inter-domain routing. Despite its critical role, RPKI software remains largely untested beyond shallow parsing. Existing fuzzers, like AFL++ or libFuzzer, do not work well for RPKI as they assume a single, self-contained...

lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...

CVE-2026-44057

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

The brcm80211 component in the Linux kernel, from version 6.5.10 onwards, has a use-after-free issue in the code for disconnecting devices via hotplug i.e., removing the USB connection. For attackers who have physical access and local privileges, “this could be exploited in a real-world scenario....

CVE-2024-55045

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007593 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting...

CVE-2026-5148

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...

CVE-2026-3957

A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/HomeController.java of the component Endpoint. Executing a manipulation...

EUVD-2025-201768

In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48610

CVE-2025-48610 stems from a logic error in mem_protect.c __pkvm_guest_relinquish_to_host, enabling a local information disclosure without required privileges or user interaction. Affected component: Android/Linux kernel KVM (pkvm) code path. Impact: potential leakage of configuration data. Exploi...

CVE-2025-12464

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...

UBUNTU-CVE-2025-12464

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...

EUVD-2018-10920

Malware in sbrugna...

EUVD-2016-9051

Malware in sbrugna...

EUVD-2025-25145

Malicious code in bioql PyPI...

CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989

CVE-2025-10989 affects yangzongzhuan RuoYi up to 4.8.1. The issue resides in the file /system/role/authUser/selectAll where manipulating the argument userIds leads to improper authorization. This can be exploited remotely, and the exploit has been publicly released. Multiple trusted sources consi...

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...