CVE-2026-43153

A flaw was found in the Linux kernel's XFS filesystem. The xfsattrleafhasname function has a problematic calling convention that can lead to incorrect buffer handling. This issue can result in the use of already released memory buffers, potentially causing memory corruption or system instability....

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: The calling convention for prepslavesg has been corrected. The calling convention for prepslavesg requires returning NULL in case of an error, along with providing an error log to the system. However, qcom-ad...

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability

...

CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability

...

CVE-2026-27615

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

EUVD-2026-8596

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

EUVD-2022-55768

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...

CVE-2022-50721

CVE-2022-50721 affects the Linux kernel via the dmaengine: qcom-adm module. The vulnerability stems from the function prep_slave_sg returning an error pointer on error instead of NULL, while consumers (e.g., nandc) expect NULL to indicate failure. This mismatch can lead to a kernel panic later in...

CVE-2022-50721 dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...

Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

...

CVE-2025-30201

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leadin...

CVE-2025-30201 Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leadin...

This Hacker Conference Installed a Literal Antivirus Monitoring System

At New Zealand's Kawaiicon cybersecurity convention, organizers hacked together a way for attendees to track CO2 levels throughout the venue—even before they arrived...

PT-2025-47793

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.13.0 Description Wazuh Agent, a platform for threat prevention, detection, and response, contains a flaw where authenticated attackers can trigger NTLM authentication through crafted UNC paths within agent configurati...

Malicious Package

Overview react-naming-convention is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2025-49037 Malicious code in react-naming-convention (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f1de3b293c216a9b6c48e3cdb120f41ef3a161e4aaa7be1aa115440108c0f4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...