29 matches found
CVE-2026-32175
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
CVE-2026-6786
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
PT-2026-30897
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev97 Description: pyLoad is a free and open-source download manager written in Python. The safe extractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for path traversal checks,...
openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers
Summary: Both standalone servers configure CORS with allow_origins="*", allow_credentials=True, allow_methods="*", and allow_headers="*". Affected Code (python): server/key-server/app/main.py:86-92 server/telemetry-server/app/main.py:23-29 app.add_middleware(CORSMiddleware, allow_origins=settings.corsorigins,...
SUSE CVE-2026-33223
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992242)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992242 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 1141993...
CVE-2023-54132
In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which causes the following...
CVE-2022-50741
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUF_HALF may be triggered after or when disable interrupt. It may lead to unexpected kernel panic. And interrupt...
CVE-2023-54028
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req(). If an error...
EUVD-2019-0496
Malware in sbrugna...
EUVD-2022-54508
Malicious code in bioql PyPI...
EUVD-2024-50693
Malicious code in bioql PyPI...
DEBIAN-CVE-2023-53339
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUG_ON condition in btrfs_cancel_balance Pausing and canceling balance can race to interrupt balance lead to BUG_ON panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance does not take this race scenario in...
PT-2025-34422 · Unknown +1 · Alienware Wmi Wmax +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the platform/x86/alienware-wmi-wmax component. A fix was implemented to address a missing empty member in the awcc_dmi_table array, specifically...
CVE-2025-38320
CVE-2025-38320 affects the Linux kernel on arm64/ptrace, describing a stack-out-of-bounds read in regs_get_kernel_stack_nth() detected by KASAN. The issue is illustrated by a long kernel trace showing a read of size 8 at a stack address belonging to task 1.sh/2550, with the buggy frame located in...
CVE-2022-50077
The CVE-2022-50077 entry concerns the Linux kernel AppArmor path aa_pivotroot, where a reference-count bug leaks a previously incremented “target” when aa_replace_current_label() returns success. The fix is to decrement the refcount of target in that code path (build_pivotroot() increased it earl...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
CVE-2024-12226
CVE-2024-12226 affects Octopus Kubernetes: the Kubernetes worker/agent (versions 1–2) could log sensitive variables in clear-text to the Kubernetes script pod log. Root cause details beyond what’s stated are not provided. The issue has been fixed for both versions 1 and 2; apply the documented fi...
CVE-2024-56542
Summary of CVE-2024-56542: In the Linux kernel, drm/amd/display suffers a memleak during driver removal (amdgpu) due to incomplete cleanup in the takedown path. The trace shows memory manager not clean during takedown and a cascade through amdgpu_gtt_mgr_fini, amdgpu_ttm_fini, amdgpu_bo_fini, gmc...