MAL-2026-2527 Malicious code in sjs-biginteger (npm)
sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...
Cisco IOS XE Software Secure Copy Protocol Server DoS (cisco-sa-scp-dos-duAdXtCg)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software due to improper handling of a malformed SCP request. An authenticated, local attacker ca...
osslsigncode buffer error vulnerability
Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some of the functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to version 2.12 contained a buffer error vulnerability. This vulnerability stemmed from multiple signature...
PT-2026-31643
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
Unbreakable Enterprise kernel security update
6.12.0-200.74.27.2 - ipv6: use RCU in ip6_xmit() Eric Dumazet Orabug: 39186444 CVE-2025-40135 - netfilter: nf_tables: fix use-after-free in nf_tables_addchain() Inseo An Orabug: 39181102 CVE-2026-23231 - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() Eric Dumazet Orabug: 39181101 CVE-2026-230...
CLSA-2026-1775689506 libarchive: Fix of CVE-2024-20696
CVE-2024-20696: fix heap buffer overflow via negative copy length in RAR4 reader...
CLSA-2026-1775647149 libarchive: Fix of CVE-2024-20696
CVE-2024-20696: fix heap buffer overflow via negative copy length in RAR4 reader...
NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
kernel: macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source(). Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear the entry->vlan pointer before the RCU grace period starts. This allows...
CVE-2026-27144
CVE-2026-27144 is a Go compiler issue where a no-op interface conversion can bypass overlap checking, potentially causing memory corruption at runtime during memory moves. The public advisories tie this to Go 1.26 (and related 1.25 branch updates) and list it under SUSE security fixes as CVE-2026...
EUVD-2026-19867
RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration...
RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration
RustFS contains a missing authorization check in the multipart copy path (UploadPartCopy). A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...
ROS-20260408-73-0012
A vulnerability in the rcu_preempt_deferred_qs_handler function of the kernel/rcu/tree_plugin.h component of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006691)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006691 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign. The semantics for bpf_sk_assign are as follows: sk =...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006791)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006791 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race. On kernels built with CONFIG_IRQ_WORK=y, when...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006776)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006776 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings. PAT handling won't do the right thing in COW...
ROS-20260408-73-0026
A vulnerability in the drivers/soc/qcom/mdt_loader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006654)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006654 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction. The rxrpc_call struct has a timer used to...
ROS-20260408-73-0032
A vulnerability in the btrfs_copy_root function of the btrfs component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260408-73-0030
A vulnerability in the blk_stack_limits function of the block/blk-settings.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...