Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fixed an issue with the data length underflow in SKB structures. A BUGON will be triggered in the include/linux/skbuff.h file, resulting in intermittent kernel panics when a data length underflow is detected. This...

Astra Linux - уязвимость в golang-1.15

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a given range, at btrfsdropextents, due to failure to allocate memory when attempting to increment the...

EUVD-2026-17067

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use TOCTOU Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

CVE-2026-25704

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use TOCTOU Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

PT-2026-28805

Name of the Vulnerable Software and Affected Versions cosmic-greeter versions prior to https://github.Com/pop-os/cosmic-greeter/pull/426 Description A Time-of-check Time-of-use TOCTOU race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should ha...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Sudo vulnerability (USN-8092-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8092-1 advisory. It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use...

USN-8092-1: Sudo vulnerability

It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges...

CVE-2026-21882

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVE-2026-21882

CVE-2026-21882 affects theshit, a command-line utility that detects and fixes shell command mistakes. In versions prior to 0.2.0, improper privilege dropping enables local privilege escalation via command re-execution. The issue is demonstrated as a local attack with high impact on confidentialit...

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

PT-2026-22690

Name of the Vulnerable Software and Affected Versions theshit versions prior to 0.2.0 Description theshit is a command-line utility designed to detect and correct common errors in shell commands. A flaw in privilege handling prior to version 0.2.0 allows for local privilege escalation through...

CVE-2026-27195

Wasmtime CVE-2026-27195 describes a panic in the component-model-async path when a host drops a future returned by TypedFunc::call_async on a guest export after a second call without awaiting completion. In affected builds (with component-model-async enabled by default since Wasmtime 39.0.0), thi...

EUVD-2025-206589

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent i...

MiracleLinux 7 : zsh-5.0.2-34.el7.2 (AXSA:2020-4510:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4510:02 advisory. zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002842)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002842 advisory. The hashbindelete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of...

CVE-2025-68362

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...

SUSE-SU-2025:4505-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in...