Harden-Runner 安全漏洞

Harden-Runner is a program open source by StepSecurity. It provides network exit filtering and runtime security for both GitHub-hosted and self-hosted runners. Harden-Runner versions 2.15.1 and earlier contained security vulnerabilities, which stemmed from an exploit that allowed DNS queries to...

Harden-Runner 安全漏洞

Harden-Runner is a program open source by StepSecurity. It provides network exit filter and runtime security for both GitHub-hosted and self-hosted runners. Harden-Runner versions 2.15.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a DNS over HTTPS...

EUVD-2026-13148

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an incorrect exit condition in the HTTP/3 Encoder/Decoder strea...

CVE-2026-25667

The OSV entries and CVE describe a vulnerability in ASP.NET Core Kestrel (Microsoft .NET 8.0 < 8.0.22 and .NET 9.0

ROS-20260319-73-0017

A vulnerability in the normalexit function of the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2026-1579)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service DoS risk. This flaw is a...

EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2026-1607)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service DoS risk. This flaw is a...

GHSA-H75P-J8XM-M278 CoreDNS Loop Detection Denial of Service Vulnerability

Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005751 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 driver core:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005695)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005695 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 driver core:...

CVE-2025-48602

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...

Unbreakable Enterprise kernel security update

5.4.17-2136.352.5.1 - xfrm: flush all states in xfrmstatefini Sabrina Dubroca Orabug: 39016499 - xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added Sabrina Dubroca Orabug: 39016499 - Revert 'xfrm: destroy xfrmstate synchronously on net exit path' Sabrina Dubroc...

MAL-2026-1232 Malicious code in @schedaero/yukon (npm)

Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...

Malicious code in @schedaero/yukon (npm)

Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

SUSE CVE-2026-23113

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: check IOWQBITEXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking which will create a new worker for other items, or...

CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...