CVE-2026-21372

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations...

CVE-2026-21382

CVE-2026-21382 describes a memory corruption issue in a Power Management IC when handling power management requests due to improperly sized input/output buffers. CVSS 3.1 base score 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, LOW privileges required, and HIGH impact to confidenti...

CVE-2026-21382 Buffer Copy Without Checking Size of Input in Power Management IC

Memory Corruption when handling power management requests with improperly sized input/output buffers...

CVE-2025-47389

CVE-2025-47389 describes memory corruption caused by a buffer copy operation failing due to an integer overflow during attestation report generation. Documents identify the issue as applicable to an Automotive Platform, with the CVSS v3.1 base score 7.8 (HIGH) and LOCAL attack vector, LOW attack ...

CVE-2025-47389 Buffer Copy Without Checking Size of Input in Automotive Platform

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation...

CVE-2025-47389 Buffer Copy Without Checking Size of Input in Automotive Platform

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation...

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, and these vulnerabilities stem from the lack of verification of the size of data when it is copied to the target buffer, which may lead to encryption issues...

PT-2026-30635

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifyBlob in the Model Pull API that improperly verifies manifest containing both config and layer digests. An attacker can access internal resources or services by sending crafted requests...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

Linux Distros Unpatched Vulnerability : CVE-2026-35385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performe...

SUSE CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

SUSE CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVE-2026-34612

Kestra (open-source event-driven orchestration platform) prior to version 1.3.7 contains a SQL Injection that enables Remote Code Execution via the GET /api/v1/main/flows/search endpoint. After authentication, a crafted link can trigger payload execution by PostgreSQL using COPY ... TO PROGRAM .....