Lucene search
K

794 matches found

OSV
OSV
added 2026/05/20 10:10 a.m.8 views

RHSA-2026:19187 Red Hat Security Advisory: compat-openssl11 security update

Bulletin has no description...

7.4CVSS7AI score0.00444EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “comedi”: checking the attached status of devices in compatible IOCTLs. Syzbot identified a issue 1 that causes the kernel to crash, seemingly due to the absence of the callback dev-getvalidroutes. This should never happen, as th...

5.8AI score0.0018EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ftruncate: passing a signed offset. The old ftruncate system call, which uses the 32-bit offt type, misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally...

5.5CVSS6.2AI score0.00229EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: idxd: Fixed device leaks during the compat bind and unbind operations. Make sure to remove the references to the idxd device when using the compat bind and unbind sysfs interfaces...

5.5CVSS6AI score0.00193EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.9 views

Malicious code in @antv/g-compat (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.19 views

MAL-2026-3913 Malicious code in @antv/g-compat (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.11 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-compat (=1.0.11)

@antv/g-compat NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-compat and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.12.0 Source cves: unknow...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.21 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-compat (=1.0.11)

@antv/g-compat NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-compat and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.12.0 Source cves: unknow...

5.5AI score
Exploits0
NVD
NVD
added 2026/05/15 3:16 a.m.33 views

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS0.00101EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.6 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...

7.5CVSS5.8AI score0.00374EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.6 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...

5.3CVSS5.8AI score0.00301EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 4:33 a.m.11 views

Symlink Attack

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Symlink Attack via the isPathAllowed path check in lib/resolver-compat.js. An attacker can execute code outside the configured...

8.5CVSS6.4AI score0.00722EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.13 views

SUSE CVE-2026-31781

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 3:16 p.m.7 views

CVE-2026-31781

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

5.5CVSS0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 2:15 p.m.11 views

CVE-2026-31781

CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/01 2:5 p.m.11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: glibc: compat-libpthread-nonshared-2.42-12.hum1 aarch64, x8664 glibc-2.42-12.hum1 aarch64, x8664 glibc-all-langpacks-2.42-12.hum1 aarch64, x8664 glibc-benchtests-2.42-12.hum1 aarch64, x8664...

9.8CVSS5.8AI score0.00451EPSS
Exploits3References7
Github Security Blog
Github Security Blog
added 2026/04/21 8:38 p.m.51 views

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/20 8:12 a.m.6 views

MAL-2026-2945 Malicious code in moonbit-locale-compat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/20 8:12 a.m.6 views

Malicious code in moonbit-locale-compat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

5.9AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/18 9:30 a.m.8 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +39 more potentially affected by CVE-2026-32690 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =0.2.0, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =1.28.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...

3.7CVSS5.7AI score0.00421EPSS
Exploits0
Rows per page
Query Builder