EUVD-2026-1670
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
CVE-2013-6801
Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue...
CVE-2019-16761
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions 1.0....
CVE-2019-16762
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to...
expr-eval: expr-eval: Prototype Pollution
A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...
The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics
By Aswath A · January 6, 2026. CrazyHunter ransomware has emerged as a significant and concerning threat, highlighting the increasing sophistication of cybercriminal tactics. Trellix has been actively tracking this ransomware since...
PT-2026-6147
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue within the mm/vma subsystem, specifically related to merging Virtual Memory Areas (VMAs) after a memory remapping operation (mremap). The...
PT-2026-27745
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to tracing buffer management. Specifically, a double-free condition can occur in the tracing buffers mmap close function when a process forks an...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992979)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992979 advisory. In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork failure The pointers for guarded storage and runti...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992459)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992459 advisory. In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork failure The pointers for guarded storage and runti...
The Quantum State Continuity Problem and Temporal Enforcement against Fork Attacks
We introduce the Quantum State Continuity Problem (QSCP), a security objective orthogonal to identity authentication that captures whether a system's current execution is a legitimate continuation of a unique past execution. We show that classical and stateless quantum authentication mechanisms fail...
American Fuzzy Lop plus plus 4.35c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
EUVD-2025-203056
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
SUSE CVE-2022-50674
In the Linux kernel, the following vulnerability has been resolved: riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Testing tools/testing/selftests/timens/vforkexec.c got below kernel log: 6.838454 Unable to handle kernel access to user memory without uaccess routines at virtual...
CVE-2022-50674
CVE-2022-50674 affects the Linux kernel riscv architecture, specifically a NULL dereference in vdso_join_timens() during vfork. The issue manifests as kernel Oops with timens_commit/timens_on_fork traces when setting up vdso for a new process, as shown in the provided logs. The root cause is desc...
Linux Distros Unpatched Vulnerability : CVE-2025-13204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance mod...
EUVD-2025-201615
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
TykoTech Fork OS Command Injection Vulnerability
TykoTech Fork is an AI integration tool for LionTech individual developers. An OS command injection vulnerability exists in TykoTech Fork version 0.1, which stems from misuse of the parameter authorizationUrl in the file /.well-known/oauth-authorization-server, which could lead to os command...
CVE-2025-32900
CVE-2025-32900 concerns the KDE Connect information-exchange protocol, where spoofable broadcast UDP traffic can temporarily alter the displayed device information. The issue affects multiple platforms prior to fixed versions: KDE Connect on Android < 1.33.0, KDE Connect on desktop < 25.04,...