vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...

HSEC-2024-0008 Sign extension error in the PPC64le FFI

Sign extension error in the PPC64le FFI Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...

HSEC-2024-0006 fromIntegral: conversion error

fromIntegral: conversion error fromIntegral may result in coercion errors when used with optimization flags -O1 or -O2 in the following situation: - Converting negative Int to Natural does not throw an arithmetic underflow error - Converting large Integer greater than 2^64 to Natural overflow. Fo...

HSEC-2024-0007 Sign extension error in the AArch64 NCG

Sign extension error in the AArch64 NCG Arithmetic operations may result in incorrect runtime results on the native aarch64 backend. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...

EUVD-2006-7019

Malware in sbrugna...

EUVD-2025-8214

Malicious code in bioql PyPI...

EUVD-2022-1066

Malicious code in bioql PyPI...

EUVD-2025-7039

Malicious code in bioql PyPI...

EUVD-2024-0089

Malicious code in bioql PyPI...

EUVD-2025-10498

Malicious code in bioql PyPI...

ROS-20250929-13

Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to with an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code Vulnerability in JavaScript Engine...

libvpx: Integer overflow in vpx_img_alloc()

A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of valu...

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Hash Collision Attack

vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2025-988)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-988 advisory. In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an...

CVE-2022-21354

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

CVE-2018-3316

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications subcomponent: Segment. Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...