Malicious code in react-svg-anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...

SUSE CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

MAL-2026-1115 Malicious code in chai-vest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b92343f543acb60949d618ec06160013b1536a63f3db5431a4e24b1eaac2ccae The package chai-vest was found to contain malicious code. Source: ghsa-malware 2d3a82ac6f8ebd7b7eba324f04e78d43fccef2f3ddf20c24014f4768dc50731d Any...

EUVD-2026-7384

CIRCL has an incorrect calculation in secp384r1 CombinedMult...

CIRCL has an incorrect calculation in secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

UBUNTU-CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229 Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229

The CVE-2026-1229 issue concerns the CIRCL library’s secp384r1 implementation (CIRCL ecc/p384) where CombinedMult could yield an incorrect value for specific inputs. The root cause is fixed by using complete addition formulas in the library. Affected operations include ECDH and ECDSA signing on t...

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-23216

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...

CVE-2026-23216

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...

CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...

CVE-2026-23216

Technical details for CVE-2026-23216 are not publicly provided in the supplied documents. The available description mentions a fix in iscsit_dec_conn_usage_count() and a kernel patch, but no vendor/product specifics.

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the call to the complete function when holding a lock. This could lead to reusing the lock after ...

SUSE CVE-2026-23151

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in setsspcomplete Fix memory leak in setsspcomplete where mgmtpendingcmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs...

CVE-2026-23193 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

CVE-2026-23193

CVE-2026-23193 affects the Linux kernel SCSI/ISCsi path (scsi: target: iscsi). The issue is a use-after-free in iscsit_dec_session_usage_count() where complete() is called while sess->session_usage_lock is held, risking use-after-free of iscsit_session during wakeup/deallocation. The fix relea...