1880 matches found
x86: Floating Point Divider State Sampling
ISSUE DESCRIPTION Researchers from the CISPA Helmholtz Center for Information Security have discovered Floating Point Divider State Sampling. It is detailed in a paper titled "TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities" For more information, see:...
OESA-2026-1968 llvm security update
LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-poin...
Floating Point Value Injection (FPVI) Variant in AMD CPUs
Summary Researchers shared with AMD a report titled “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities.” The researchers' paper introduced a Floating-Point Value Injection FPVI variant, which could allow an attacker with a deep understanding of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007353)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007353 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPUBIGENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's...
Floating Point Divider State Sampling on AMD CPUs
CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54505| A transient execution vulnerability within AMD CPUs may allow a local, user-privileged attacker to leak data via the floating-point divisor unit, potentially resulting in a loss of...
PT-2026-33582
Name of the Vulnerable Software and Affected Versions AMD CPUs affected versions not specified Description A transient execution vulnerability exists within AMD CPUs that allows a local user-privileged attacker to leak data via the floating point divisor unit. This issue, known as Floating Point...
JLSEC-2026-85 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an...
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...
LibRaw uncompressed_fp_dng_load_raw integer overflow vulnerability
Talos Vulnerability Report TALOS-2026-2363 LibRaw uncompressedfpdngloadraw integer overflow vulnerability April 7, 2026 CVE Number CVE-2026-24450 SUMMARY An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious...
Incorrect Type Conversion or Cast
Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoderexecute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino
Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, stemming from defects in the sensor filling logic and floating-point conversion routines. These vulnerabilities m...
Malicious code in @pypestream/floating-ui-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c054f1bdbe451e796bb0623296f4240c654e72b4ef794089dad3428bfed98fd2 The package @pypestream/floating-ui-dom was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2030 Malicious code in @pypestream/floating-ui-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c054f1bdbe451e796bb0623296f4240c654e72b4ef794089dad3428bfed98fd2 The package @pypestream/floating-ui-dom was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
[SECURITY] Fedora 43 Update: kiss-fft-131.2.0-1.fc43
KISS FFT - A mixed-radix Fast Fourier Transform based on the principle, "Keep It Simple, Stupid." There are many great fft libraries already around. Kiss FFT is not trying to be better than any of them. It only attempts to be a reasonably efficient, moderately useful FFT that can use fixed or...
[SECURITY] Fedora 44 Update: kiss-fft-131.2.0-1.fc44
KISS FFT - A mixed-radix Fast Fourier Transform based on the principle, "Keep It Simple, Stupid." There are many great fft libraries already around. Kiss FFT is not trying to be better than any of them. It only attempts to be a reasonably efficient, moderately useful FFT that can use fixed or...
CVE-2026-25790
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...
CVE-2026-25790
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...
CVE-2026-25790
Wazuh CVE-2026-25790 affects the Security Configuration Assessment (SCA) decoder in wazuh-analysisd, with stack-based buffer overflows from using sprintf(value, "%lf", …) into a fixed 128-byte buffer. The vulnerability exists in multiple locations within /src/analysisd/decoders/security_configura...
UBUNTU-CVE-2026-31884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...