3780 matches found
Microsoft Hyper-V Access Control Error Vulnerability
Microsoft Hyper-V is a hypervisor-based virtualization technology from Microsoft Corporation (USA) that enables desktop virtualization. An access control error vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a flaw in the access control mechanism and can be...
Microsoft MSHTML Framework Security Vulnerability
The Microsoft MSHTML Framework is a software framework developed by Microsoft that is used for parsing and rendering HTML documents. There are security vulnerabilities in the Microsoft MSHTML Framework. Attackers can exploit these vulnerabilities to bypass certain features. The following products...
Microsoft GitHub Copilot and Visual Studio Code Command Injection Vulnerability
Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain...
CIC-Trap4Phish: A Unified Multi-Format Dataset for Phishing and Quishing Attachment Detection
Phishing attacks represent one of the primary attack methods used by cyber attackers. In many cases, attackers use deceptive emails along with malicious attachments to trick users into giving away sensitive information or installing malware while compromising entire systems. The...
Fedora 42 : xorgxrdp / xrdp (2026-b409dad73e)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b409dad73e advisory. Release notes for xrdp v0.10.5 2026/01/27 Security fixes - CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based...
Fedora 43 : xorgxrdp / xrdp (2026-febea89ac3)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-febea89ac3 advisory. Release notes for xrdp v0.10.5 2026/01/27 Security fixes - CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based...
Important: Red Hat Security Advisory: Self-service automation portal 2.1 security update
Updated images are now available for Self-service automation portal 2.1, which include new features, bug fixes, and enhancements for Red Hat Ansible Automation Platform integration with Red Hat Developer Hub. Self-service automation portal 2.1 delivers an Ansible-first Red Hat Developer Hub user...
time vulnerable to stack exhaustion Denial of Service attack
Impact: When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...
Denial of Service via Stack Exhaustion
Impact: When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...
OPENSUSE-SU-2026:20177-1 Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257329. - CVE-2025-12816: interpretation conflict...
CVE-2026-23104 ice: fix devlink reload call trace
In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ice_hwmon_exit() was added to...
EUVD-2026-5438
In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ice_hwmon_exit() was added to...
CVE-2026-23104
CVE-2026-23104 describes a Linux kernel ice driver issue where devlink reload can trigger a call trace due to mismatched cleanup of the internal hwmon state. The root cause is that ice_hwmon_init() is invoked during feature init and ice_hwmon_exit() was tied to ice_remove(), which could leave a d...
MAL-2026-703 Malicious code in @x-clients/features (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11011581541d17f28bb84a9e3ea5703dfc0f4834506875fa48f61ea79c87c30c The package @x-clients/features was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @x-clients/features (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11011581541d17f28bb84a9e3ea5703dfc0f4834506875fa48f61ea79c87c30c The package @x-clients/features was found to contain malicious code. Source: ossf-package-analysis...
USN-8006-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 8.0.45 in Ubuntu 20.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...
USN-8006-1 mysql-8.0 vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 8.0.45 in Ubuntu 20.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...
[SECURITY] Fedora 42 Update: openttd-15.1-1.fc42
OpenTTD is modeled after a popular transportation business simulation game by Chris Sawyer and enhances the game experience dramatically. Many features were inspired by TTDPatch while others are original...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme (versions <= 2.15.7)...
GHSA-VCF3-26XF-FW4M Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...