125 matches found
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
Summary: A critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an empty string '', for example via the common keys[decoded.header.ki...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write. When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005074)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005074 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set. In function bond_option_arp_ip_targets_se...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38077)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38077 advisory. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid...
MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803). OpenJDK: Incorrect type checks in MethodType.readObject (Libraries,...
os/exec: Unexpected paths returned from LookPath in os/exec
A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...
OESA-2025-2834 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation
The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...
OESA-2025-2792 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
DEBIAN-CVE-2025-65955
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls...
CVE-2025-65955
ImageMagick’s Magick++ vulnerability CVE-2025-65955 manifests when Options::fontFamily is invoked with an empty string, causing a use-after-free/dangling font pointer in _drawInfo->font and potentially leading to crashes or heap corruption on cleanup or subsequent updates. The issue arises bec...
EUVD-2018-0522
Malware in sbrugna...
EUVD-2016-9426
Malware in sbrugna...
EUVD-2016-8802
Malware in sbrugna...
EUVD-2024-47542
Malicious code in bioql PyPI...
CVE-2025-47906 Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...
Use of Incorrectly-Resolved Name or Reference
Overview: std/os/exec is a Go standard library package. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference. Go Vulnerability Report: If the PATH environment variable contains paths which are executables rather than just directories, passing...
Linux Distros Unpatched Vulnerability : CVE-2024-6443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. (CVE-2024-6443) Note that Nessus relies...
usb: gadget: configfs: Fix OOB read on empty string write
...