EUVD-2026-38885

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix data loss caused by incorrect use of natentry flag Data loss can occur when fsync is performed on a newly created file before any checkpoint has been written concurrently with a checkpoint operation. The scenario is as...

MINI-RCJR-2FCV-HPV4

Bulletin has no description...

EUVD-2026-38715

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfqueue: hold bridge skb-dev while queued brpassframeup rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCALIN packets. NFQUEUE only holds references on state.in/out and bridge...

ROOT-OS-DEBIAN-13-CVE-2025-38660 CVE-2025-38660 in rootio-linux - Patched by Root

Root has patched CVE-2025-38660 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2026-23071 CVE-2026-23071 in rootio-linux - Patched by Root

Root has patched CVE-2026-23071 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2026-46245 CVE-2026-46245 in rootio-linux - Patched by Root

Root has patched CVE-2026-46245 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

ECHO-2791-8592-919C

Bulletin has no description...

CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

MINI-46XQ-CHGG-9CCJ

Bulletin has no description...

CGA-PJG6-G657-F2MC

Bulletin has no description...

MINI-QPG7-2X4Q-8PXH

Bulletin has no description...

MINI-G23R-93C9-3HPR

Bulletin has no description...

ROOT-OS-UBUNTU-2204-CVE-2026-43116 CVE-2026-43116 in rootio-linux - Patched by Root

Root has patched CVE-2026-43116 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

PT-2026-51388

Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...

MINI-GXF6-G8PW-CR3P

Bulletin has no description...

MINI-FG32-766H-868V

Bulletin has no description...

Malicious code in jsonschema-viewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...

MAL-2026-6248 Malicious code in jsonschema-viewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...