37490 matches found
Malicious code in @sectest429/hello-npm-world (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...
MAL-2026-10478 Malicious code in @sectest429/hello-npm-world (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...
wpDiscuz <= 5.3.5 - SQL Injection
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. id: CVE-2020-13640 info: name: wpDiscuz = 5.3.5 - SQL Injection author: Sourabh-Sahu severity:...
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. dot dot in the 1 file parameter to document.php or 2 backtopage parameter in a create action to comm/action/fiche.php. id:...
📄 Google Pixel 10 Codec3P VPU fw_debug_buf Use-After-Free / Privilege Escalation
C proof of concept and vulnerability write-up for CVE-2026-0125 affecting the Google Pixel 10 Codec3P VPU driver. The issue is a race condition involving the fwdebugbuf pointer in the VPU kernel driver. The issue was fixed in the June 2026 Pixel Security Bulletin. Issue description There are...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...
Unbreakable Enterprise kernel security update
5.15.0-322.203.3.3 - locking/rtmutex: Skip removewaiter when waiter is not enqueued Davidlohr Bueso Orabug: 39706512 - rtmutex: Use waiter::task instead of current in removewaiter Keenan Dong Orabug: 39706512 CVE-2026-43499 5.15.0-322.203.3.2 - KVM: x86/mmu: Ensure hugepage is in by slot before...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2535)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1933 DESCRIPTION: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks,...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fixed a use-after-free in bondxmitbroadcast. bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release operations may mutat...
SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:2800-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2800-1 advisory. The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issu...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. CVE-2025-40341: futex: Don't leak robustlist pointer on exec race bsc1255029. CVE-2025-71294:...
SUSE-SU-2026:2800-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. - CVE-2025-40341: futex: Don't leak robustlist pointer on exec race bsc1255029. -...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-10263: arm64: cputype: Add C1-Ultra definitions bsc1266290. CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. CVE-2025-40341: futex:...
SUSE-SU-2026:2799-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: cputype: Add C1-Ultra definitions bsc1266290. - CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. - CVE-2025-40341:...
📄 NTLM Relay to Self Attack Module for Active Directory Privilege Escalation
This is a Metasploit module designed for Windows/Active Directory environments that performs an advanced NTLM relay-to-self attack to escalate privileges on a compromised machine...
kernel security, bug fix, and enhancement update
5.14.0-687.19.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
EUVD-2026-24979
comm: FIFO/pipe inputs are drained before comparison data loss / hang...
GHSA-3WFC-MGPM-9RQ6 comm: FIFO/pipe inputs are drained before comparison (data loss / hang)
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...