Lucene search

40 matches found

RedhatCVE
added 2026/04/10 7:7 a.m. | 3 views

CVE-2026-32990

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...

CVSS 7.3 | AI score 6.5 | EPSS 0.00208
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 7 : tomcat-7.0.76-16.0.1.el7.AXS7 (AXSA:2024-8731:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8731:12 advisory. Fix file path bug introduced by the CVE-2021-25329 fix CVEs: CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to...

CVSS 7.5 | AI score 7.8 | EPSS 0.93464
Exploits: 15 | References: 2

Cvelist
added 2025/12/02 1:42 a.m. | 4 views

CVE-2025-55129

HackerOne community member Kassem S.kassems94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne...

CVSS 5.4 | EPSS 0.00025
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/02 12:0 a.m. | 2 views

PT-2025-49010

🚨 CVE-2025-55129 HackerOne community member Kassem S.kassem s94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported b...

CVSS 5.4 | AI score 7 | EPSS 0.00025
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-18378

Malware in sbrugna...

CVSS 5.5 | AI score 5.3 | EPSS 0.00203
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-15320

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00792
Exploits: 2 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-34644

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6 | EPSS 0.00033
Exploits: 0 | References: 4

CVE
added 2025/07/25 3:27 p.m. | 36 views

CVE-2025-38454

CVE-2025-38454: In the Linux kernel, ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp(); switches to pr_warn() when 'pdev' is NULL to avoid NULL pointer dereference. The description indicates the fix is kernel-side and targets the ad1816A soundcard driver; no details on aff...

CVSS 5.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/06/18 11:3 a.m. | 4 views

CVE-2022-50173 drm/msm/mdp5: Fix global state lock backoff

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stu...

EPSS 0.00049
Exploits: 0 | References: 7

OSV
added 2025/06/18 11:2 a.m. | 2 views

CVE-2022-50073 net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null

In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null in tap.c skb->dev is set aft...

CVSS 5.5 | AI score 5.9 | EPSS 0.00088
Exploits: 0 | References: 5

CVE
added 2025/06/18 11:1 a.m. | 14 views

CVE-2022-50043

CVE-2022-50043 is a Linux kernel vulnerability in ndisc_router_discovery where, on certain paths after grabbing rt and neigh, a nonzero lifetime with a metric change causes the code to delete the route and potentially reacquire rt/neigh without decrementing the previous neigh reference count, lea...

CVSS 5.5 | AI score 6.5 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/05/01 2:10 p.m. | 6 views

CVE-2022-49860 dmaengine: ti: k3-udma-glue: fix memory leak when register device fail

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register fails, it should call put_device to give up reference, the name allocated in dev_set_name can be freed in callback function kobject_cleanup...

CVSS 5.5 | AI score 6 | EPSS 0.00049
Exploits: 0 | References: 6

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-49255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475...

CVSS 5.5 | AI score 5.8 | EPSS 0.00081
Exploits: 0 | References: 2

CVE
added 2024/11/21 5:18 p.m. | 63 views

CVE-2024-52289

This CVE concerns authentik, an open-source identity provider. In the OAuth2 provider, Redirect URIs are validated by a RegEx comparison. If no Redirect URIs are configured for a provider, authentik can automatically treat the first received redirect_uri as allowed, without escaping RegEx-special...

CVSS 9.8 | AI score 6.5 | EPSS 0.02393
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/11/19 1:30 a.m. | 35 views

CVE-2024-50301 security/keys: fix slab-out-of-bounds in key_task_permission

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63...

EPSS 0.0004
Exploits: 0 | References: 8

Vulnrichment
added 2024/08/29 12:31 p.m. | 10 views

CVE-2024-8297 kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralizatio...

CVSS 6.9 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 5

Debian CVE
added 2024/08/22 3:31 a.m. | 23 views

CVE-2022-48936

Removed by vendor...

AI score 5.8
Exploits: 0

OSV
added 2024/08/10 7:22 a.m. | 18 views

BIT-JUPYTERHUB-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

CVSS 7.2 | AI score 7.2 | EPSS 0.0013
Exploits: 0 | References: 4

Vulnrichment
added 2024/07/29 2:57 p.m. | 14 views

CVE-2024-41074 cachefiles: Set object to close if ondemand_id < 0 in copen

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the...

AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 4

Cvelist
added 2024/07/29 2:57 p.m. | 20 views

CVE-2024-41074 cachefiles: Set object to close if ondemand_id < 0 in copen

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the...

EPSS 0.00034
Exploits: 0 | References: 4