CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

Malicious code in chai-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...

MAL-2026-5606 Malicious code in chai-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3 chai-dec impersonates the chai/pino ecosystem package name rides on chai; package.json keywords and exports — module.exports.pino = middleware —...

PT-2026-44353

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read issue exists in the drm/amdgpu/vcn3 component when parsing decoding messages. This occurs because the system fails to properly check bounds against the end of the...

CVE-2026-46040

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

CVE-2026-46040

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

SUSE CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of calls to decpagecount in f2fscompresswriteendio. This could lead to accessi...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the aqlenablewrite function not being serialized during concurrent writing, potentially leading to an...

Malicious Package

Overview json-dec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013143 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page cou...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013260)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013260 advisory. In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver, aka...

Amazon Web Services Research and Engineering Studio 安全漏洞

Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There is a security vulnerability in the version of Amazon Web Services Research and Engineering Studio from March 2025 to December 1, 2025. This vulnerability stems from the...

CVE-2026-0117

In mfcdecdqbuf of mfcdecv4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-10845

In mfcdecdqbuf of mfcdecv4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0117

In mfcdecdqbuf of mfcdecv4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0117

In mfcdecdqbuf of mfcdecv4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-23193

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...