Lucene search
K

3684 matches found

RedHat Linux
RedHat Linux
added 2026/05/11 6:39 p.m.9 views

golang: cmd/compile: possible memory corruption after bound check elimination

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/11 4:23 p.m.7 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/11 4:23 p.m.9 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/11 4:23 p.m.7 views

golang: cmd/compile: possible memory corruption after bound check elimination

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.9 views

Janus: Compiler-Based Defense against Transient Execution Attacks Using ARM Hardware Primitives

We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with PA modifiers, using PA and BTI microarchitectural features to...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/10 7:17 a.m.126 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 - No gcc required Privilege escalation to root vi...

9.3CVSS7.1AI score0.47467EPSS
Exploits70
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-38773

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-38851

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS5.8AI score0.00522EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:45 p.m.5 views

BIT-JAVA-MIN-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6.8AI score0.00522EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 2:45 p.m.5 views

BIT-JAVA-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6.8AI score0.00522EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37830

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6.8AI score0.00522EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.7 views

PT-2026-38037

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6.8AI score0.00522EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37752

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.6 views

FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework

Modern fuzzers increasingly use Large Language Models LLMs to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant inputs. We present FunFuzz, a multi-island evolutionary fuzzi...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/30 1:30 a.m.10 views

[SECURITY] Fedora 42 Update: binaryen-126-1.fc42

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.1CVSS5.5AI score0.00181EPSS
Exploits1
Fedora
Fedora
added 2026/04/30 1:21 a.m.9 views

[SECURITY] Fedora 43 Update: binaryen-126-1.fc43

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.1CVSS5.5AI score0.00181EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: golang

Issue Overview: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time in the Go toolchain cmd/go due to trust layer bypass. CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for...

9.8CVSS6.7AI score0.00658EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.18 views

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.1AI score0.00651EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: nerdctl

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS6AI score0.00651EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.10 views

Medium: credentials-fetcher

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS5.7AI score0.00621EPSS
Exploits0
Rows per page
Query Builder