MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution
MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...
OSV-2026-744 Heap-double-free in _dwarf_destruct_elf_nlaccess
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513032442 Crash type: Heap-double-free Crash state: _dwarf_destruct_elf_nlaccess _dwarf_elf_nlsetup dwarf_init_path_dl_a...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes a memory leak in iucv_sock_destruct(). Passing the MSG_PEEK flag to skb_recv_datagram() increments the skb refcount (skb->users), while iucv_sock_recvmsg() does not decrement the skb refcount at exit. This results in a...
php-8.5.5-var_destroy-uaf
PHP 8.5.5 — var_destroy destruct reentrancy UAF Siste...
CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp_sendmsg(). isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for ISOTP_IDLE via wait_event_interruptible() and then calls kfree(so->tx.buf). If a...
Linux Distros Unpatched Vulnerability : CVE-2026-31474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: isotp: fix tx.buf use-after-free in isotp_sendmsg(). isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for...
AZL-75150 CVE-2025-71148 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure. handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original...
OSV-2026-91 Use-after-poison in compress.cc
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476224483 Crash type: Use-after-poison READ 1 Crash state: compress.cc LLVMFuzzerRunDriver selfdestruct...
Online shoppers at risk as Magecart skimming hits major payment networks
Researchers have been tracking a Magecart campaign that targets several major payment providers, including American Express, Diners Club, Discover, and Mastercard. Magecart is an umbrella term for criminal groups that specialize in stealing payment data from online checkout pages using malicious...
ROS-20260113-7347
A vulnerability in the link_destruct function in the drivers/gpu/drm/amd/display/dc/link/link_factory.c module of the amdgpu driver of the Linux kernel is related to the re-release of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality,...
PT-2025-49477
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue within the vc_screen module. Specifically, a struct vc_data pointer in the vcs_write function can be freed by vc_port_destruct after a ca...
EUVD-2024-30773
Malicious code in bioql PyPI...
SUSE CVE-2025-39705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability. [Why] A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dc_destruct(). When display control context (dc->ctx) construction...
AZL-70792 CVE-2025-39705 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability. [Why] A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dc_destruct(). When display control context (dc->ctx) construction...
UBUNTU-CVE-2025-39705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability. [Why] A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dc_destruct(). When display control context (dc->ctx) construction...
CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability. [Why] A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dc_destruct(). When display control context (dc->ctx) construction...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from the drm/amd/display module not checking if dc->ctx is NULL in dc_destruct...
Linux Distros Unpatched Vulnerability : CVE-2024-31211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is an open publishing platform for the Web. Unserialization of instances of the WP_HTML_Token class allows for code execution via its __destruct() magic...
CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released...
FBI Deletes PlugX Malware from Thousands of Computers
According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,258 U.S.-based computers and networks." Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is...