51 matches found

Github Security Blog
added 2026/05/18 1:26 p.m. | 10 views

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary: Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.read_text, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

7.4 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/05/18 1:26 p.m. | 4 views

GHSA-Q5PP-GVJG-H7V4 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary: Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.read_text, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

7.4 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/05/12 11:28 p.m. | 6 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

EUVD
added 2026/05/01 12:0 a.m. | 2 views

EUVD-2026-26601

An issue was discovered in VrmlDataIndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointe...

7.5 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/14 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked event type, i.e., a dereferenced pointer, which could lead to an out-of-bounds read...

7.1 CVSS | 6.1 AI score | 0.00023 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-51801

Malicious code in bioql PyPI...

5.5 CVSS | 7.2 AI score | 0.00023 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-27660

Malicious code in bioql PyPI...

7.1 CVSS | 7.7 AI score | 0.00378 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2025/09/25 3:13 p.m. | 4 views

CVE-2025-10911

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits: 0 | References: 6

OSV
added 2025/01/28 3:15 p.m. | 1 views

DEBIAN-CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

5.1 CVSS | 5.3 AI score | 0.00124 EPSS
Exploits: 0 | References: 1

OSV
added 2025/01/28 3:15 p.m. | 0 views

UBUNTU-CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

5.1 CVSS | 5.8 AI score | 0.00124 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/01/28 12:0 a.m. | 3 views

PT-2025-3695

Name of the Vulnerable Software and Affected Versions: arm64 CPU (affected versions not specified). Description: The issue allows an unprivileged context to trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is...

5.1 CVSS | 6.3 AI score | 0.00124 EPSS
Exploits: 0 | References: 26

NVD
added 2024/12/04 3:15 p.m. | 18 views

CVE-2024-53129

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning. The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check warn: variable dereferenced...

5.5 CVSS | 0.00023 EPSS
Exploits: 0 | References: 6

OSV
added 2024/12/04 3:15 p.m. | 1 views

DEBIAN-CVE-2024-53129

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning. The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check warn: variable dereferenced...

5.5 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 0 | References: 1

CVE
added 2024/12/04 2:20 p.m. | 154 views

CVE-2024-53129

CVE-2024-53129 affects the Linux kernel DRM Rockchip VOP as described. The root cause was a NULL-dereference in vop_plane_atomic_async_check() where 'state' could be dereferenced before a NULL check; patch fixes crtc_state validation (rockchip_drm_vop.c:1096). Connected advisories confirm the iss...

5.5 CVSS | 6.6 AI score | 0.00023 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2024/10/21 8:5 p.m. | 16 views

CVE-2022-48954 s390/qeth: fix use-after-free in hsci

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci. KASAN found that addr was dereferenced after br2dev_event_work was freed. BUG: KASAN: use-after-free in...

0.00017 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2024/07/16 1:15 p.m. | 18 views

CVE-2022-48861

In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove. When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free. Call Trace of unbinding driv...

5.5 CVSS | 5.9 AI score | 0.00061 EPSS
Exploits: 0 | References: 5

UbuntuCve
added 2024/06/19 2:15 p.m. | 17 views

CVE-2024-38544

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt. In rxe_comp_queue_pkt an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...

6.3 CVSS | 6.3 AI score | 0.00014 EPSS
Exploits: 0 | References: 30

CVE
added 2024/05/21 2:35 p.m. | 88 views

CVE-2021-47307

CVE-2021-47307 affects the Linux kernel CIFS code; a NULL pointer dereference in cifs_compose_mount_options() could occur when the optional ref parameter contains a NULL node_name. The issue has been resolved in the kernel, with fixes committed in stable updates (references point to kernel commit...

5.5 CVSS | 6.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/05/01 5:18 a.m. | 17 views

CVE-2024-26950 wireguard: netlink: access device through ctx instead of peer

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer. The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from...

7.7 AI score | 0.00013 EPSS
Exploits: 0 | References: 7

Cvelist
added 2024/04/02 6:49 a.m. | 19 views

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry'. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry warn: variable dereferenced before check 'mca_func...

6.7 AI score | 0.0001 EPSS
Exploits: 0 | References: 2