496 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current...
CVE-2026-54904
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...
CVE-2026-54904
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...
CVE-2026-54904 concurrent-ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...
CVE-2026-54904
Technical details for CVE-2026-54904 are not publicly available in the provided documents. No affected versions, root cause, or fixes are described beyond the initial entry. Monitor for updates.
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the AtomicReferenceupdate function when the current value is Float::NAN. An attacker can cause indefinite busy retry loops and CPU exhaustion by supplying malicious numeric data. Remediation Upgrade concurrent-ruby to...
GHSA-H8W8-99G7-QMVJ Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
PT-2026-51090
Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description The Concurrent::AtomicReferenceupdate function can enter a permanent busy retry loop when the current value is Float::NAN. This occurs due to the interaction between AtomicReferenceupdate,...
Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection
Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...
Malicious code in chai-as-float (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview chai-as-float is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4293 Malicious code in chai-as-float (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux – Vulnerability in Ruby 2.5
There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: macsmc Fixed regressions in the Apple Silicon SMC hwmon driver. The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The...
Astra Linux – Vulnerability in imagemagick
In ImageMagick versions before 7.0.9-0, there are values that are outside the representable range for the 'float' type, located in MagickCore/quantize.c...
CLSA-2026-1777444043 ruby: Fix of 2 CVEs
CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...
PT-2026-33907
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.0 Description OpenEXR provides the specification and reference implementation of the EXR file format, which is an image storage format used in the motion picture industry. Recommendations At the moment, there...
JLSEC-2026-143
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
EUVD-2026-22114
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float...
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float
The JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats...