CVE-2025-71340

CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via reduce , allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...

CVE-2026-38640

CVE-2026-38640 concerns the Redox relibc library. A reachable unwrap in the __assert_fail function (/assert/mod.rs) of commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. The connected sources confirm the issue and its basic description; no additional exploit d...

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8441-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8441-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

GHSA-4MR2-FG2P-W63C Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...

Astra Linux – Vulnerability in Qemu

In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translatefail path, resulting in an ioreadx or iowritex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: lib/testhmm.c: Handling of failures in allocating srcpfns and dstpfns The kcalloc function used in dmirrordeviceevictchunk will return null if the physical memory runs out. As a result, if srcpfns or dstpfns is dereferenced, a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2unlink. If SMB2openinit or SMB2closeinit fails e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2openfree,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed corruption in the listadd function within lpfcdraintxq. When parsing the txq list in lpfcdraintxq, the driver attempts to pass the requests to the adapter. If this attempt fails, a local “failmsg” string is set...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nouveau/dmem: handling of kcalloc allocation failures The kcalloc function in nouveaudmemevictchunk will return null if the physical memory runs out. As a result, if we dereference srcpfns, dstpfns, or dmaaddrs, null pointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dmsmregisterthresholdcallback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dmpoolregistermetadatathreshold+0x40/0x80. - Reading of size 8 ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mm/vmalloc: fixed vmalloc, which may return null if called with GFPNOFAIL. The commit a421ef303008 "mm: allow !GFPKERNEL allocations for kvmalloc" includes support for GFPNOFAIL, but it creates a conflict with the commit...

EUVD-2026-37913

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23026)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpiperipheralconfig Fix a memory leak in gpiperipheralconfig where the original memory pointed to by gchan-config could be lost if krealloc fails. The issue occurs when: 1. gchan-config...

Malicious code in @mastra/convex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acae13d27edf4e66aa693ee00ce3df3eb508a09c9bf7a9b934a9d3804653f3ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/ai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b23e19b24d58761bd64000978f4e6b11335a7ebd4fe1f7bfabb33ce050255a8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5965 Malicious code in mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 177b60c8d45a21867d69c269f21c334505b8c0298b497cbed321d403be4311f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

USN-8426-2 linux-azure vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

Malicious code in tailwind-typography-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...