Suricata security vulnerabilities
Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.3 and 7.0.14 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of consuming excessive memory during the parsing of specially...
CVE-2025-27821
Summary: CVE-2025-27821 is an out-of-bounds write vulnerability in the Apache Hadoop HDFS native client, specifically in the URI parser. The issue affects Hadoop 3.2.0 up to, but not including, 3.4.2. Multiple sources (NVD, Red Hat, OSV, GHSA, CVE list, Snyk, and others) describe the same flaw an...
Apache Hadoop security vulnerabilities
Apache Hadoop is an open-source distributed system framework developed by the Apache Foundation in the United States. This product enables distributed processing of large amounts of data, featuring high reliability, scalability, and fault tolerance. ClickHouse is an open-source implementation of...
AZL-78428 CVE-2025-71152 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
CVE-2025-71152 is a vulnerability reported in the Linux kernel and appears in multiple OS advisories. Connected entries indicate patches for Root Linux (rootio-linux) across Debian 11/12/13 variants, and additional OSV records show Debian-based and Chainguard advisories patching Root packages. Pu...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37786)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37786 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: free routing table on probe...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37864)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37864 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entrie...
Azure Linux 3.0 Security Update: kernel (CVE-2024-38570)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38570 advisory. - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-fre...
Azure Linux 3.0 Security Update: samba (CVE-2021-3738)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3738 advisory. - In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a...
MiracleLinux 9 : nghttp2-1.43.0-5.el9.1 (AXSA:2023-6518:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6518:02 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server...
MiracleLinux 9 : gnutls-3.7.6-23.el9_3.3 (AXSA:2024-7484:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7484:02 advisory. gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 gnutls: incomplete fix for CVE-2023-5981 CVE-2024-0553 gnutls: rejects...
Unicornscan 0.4.43
Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL...
Linux Distros Unpatched Vulnerability : CVE-2026-23528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together...
Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages
Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models (LLMs) show promise for software...
ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack
The activist website called "ICE List" was offline after a massive DDoS attack. The crash followed a leak of 4,500 federal agent names linked to the Renee Nicole Good shooting...
Cross-site Scripting (XSS)
Overview: distributed is a Distributed scheduler for Dask. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...
aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +411 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)
distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:PYSEC-2026-169...
PYSEC-2026-169
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...