CVE-2026-46333

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

CVE-2026-44310

CVE-2026-44310 (gitsign) : In CertVerifier.Verify(), after GetCertificates(), the code dereferences certs[0] without validating the slice length. A CMS/PKCS7 message can have an empty certificate set, causing an index-out-of-range panic. When invoked via the gitsign --verify path (git verify-comm...

EUVD-2026-30564

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

SUSE CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further error handling. After claiming exit, the caller must kick the helper...

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

BIT-DOTNET-SDK-2026-42899 ASP.NET Core Denial of Service Vulnerability

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

BIT-DOTNET-2026-42899 ASP.NET Core Denial of Service Vulnerability

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

Linux Distros Unpatched Vulnerability : CVE-2026-43482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further...

EUVD-2026-30018

In the Linux kernel, the following vulnerability has been resolved: schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further error handling. After claiming exit, the caller must kick the helper...

CVE-2026-43482

A flaw was found in the Linux kernel's schedext component. If a task is preempted between the scxclaimexit function and the subsequent helper work activation, and the BPF Berkeley Packet Filter scheduler fails to reschedule it, the system can become unresponsive. This can lead to a denial of...

CVE-2026-43483

The CVE-2026-43483 entry describes a Linux kernel KVM SVM issue where CR8 write interception is left enabled when AVIC is (de)activated. The underlying problem is an SVM implementation flaw that can cause a dangling CR8 intercept, which, when combined with a TPR sync bug fixed in a related commit...

CVE-2026-43482

The CVE affects the Linux kernel sched_ext path, where scx_claim_exit() atomically sets exit_kind and requires preemption to be disabled until the helper work is kicked. If a task is preempted between claiming exit and queuing the helper work, BPF scheduler recovery can fail to resume the task, c...

CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further error handling. After claiming exit, the caller must kick the helper...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between the scxclaimexit and trigger-assisted work processes,...

PT-2026-40689

In the Linux kernel, the following vulnerability has been resolved: sched ext: Disable preemption between scx claim exit and kicking helper work scx claim exit atomically sets exit kind, which prevents scx error from triggering further error handling. After claiming exit, the caller must kick the...

CVE-2026-42899

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

ASP.NET Core Denial of Service Vulnerability

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/init.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system"pip install phonenumbers" and...