
30 matches found

ATTACKERKB
added 6 days ago | 4 views

CVE-2026-46209

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs(). drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mode_cmd->width / (i ? info->hsub : 1);...

CVSS 7.8 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2026/05/27 7:13 a.m. | 5 views

CVE-2026-41704

CVE-2026-41704 affects BOSH Director prior to v282.1.12. The issue arises from AgentClient#handle_method handling NATS responses: it may invoke inject_compile_log and format_exception, and the blobstore resource flow calls ResourceManager#get_resource(blob_id) followed by ResourceManager#delete_r...

CVSS 6.8 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1
RedHat Linux
added 2026/05/06 8:21 a.m. | 4 views

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVSS 7.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 5
OSV
added 2026/05/05 9:49 p.m. | 0 views

GHSA-WP38-WHX3-XFFH AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

CVSS 5.4 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 4
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices. Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for...

CVSS 7.8 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/16 6:34 a.m. | 4 views

CVE-2026-23191

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVSS 7.1 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 4
CloudLinux
added 2025/10/22 1:29 p.m. | 16 views

kernel: Fix of 39 CVEs

nfs: fix UAF in direct writes (CVE-2024-26958) - NFSD: Fix the behavior of READ near OFFSET_MAX (CVE-2022-48827) - thermal: core: prevent potential string overflow (CVE-2023-52868) - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (CVE-2021-47633) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing...

CVSS 7.8 | AI score 7.3 | EPSS 0.00271
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-27207

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.00229
Exploits: 0 | References: 3
Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-392013)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-392013 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient ES...

CVSS 7.8 | AI score 6.3 | EPSS 0.00026
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-7060

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00444
Exploits: 1 | References: 6
RedhatCVE
added 2025/05/23 9:44 a.m. | 5 views

CVE-2024-21640

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. CefVideoConsumerOSR::OnFrameCaptured does not check pixel_format properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e...

CVSS 9.6 | AI score 6.8 | EPSS 0.00246
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 8:2 a.m. | 3 views

CVE-2019-14916

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload...

CVSS 6.5 | AI score 6.9 | EPSS 0.00219
Exploits: 1 | References: 1
CVE
added 2025/05/20 3:34 p.m. | 94 views

CVE-2025-37938

The CVE-2025-37938 entry affects the Linux kernel tracing subsystem. The issue arises in the trace event verifier when formats like "%*p.." are used; if an event references data that is freed before being read, the verifier may dereference freed memory, risking a kernel crash. The description ind...

CVSS 5.5 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 7 | Affected Software: 1
SUSE Linux
added 2025/01/08 9:47 a.m. | 2 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48853: swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1228015). CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hci_error_reset (bsc#1222413)...

CVSS 7.8 | AI score 8.3 | EPSS 0.18032
Exploits: 3 | References: 316
Cvelist
added 2024/06/05 12:0 a.m. | 18 views

CVE-2023-50804

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format typ...

CVSS 3.7 | AI score 4.2 | EPSS 0.00098
Exploits: 0 | References: 1
Cvelist
added 2023/03/13 12:0 a.m. | 21 views

CVE-2023-24033

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service...

CVSS 7.5 | AI score 9.5 | EPSS 0.00424
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:48 a.m. | 2 views

SUSE CVE-2017-7299

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The...

CVSS 5.5 | AI score 6.9 | EPSS 0.00261
Exploits: 0 | References: 9
Huntr
added 2022/02/10 2:29 a.m. | 20 views

Improper Access Control in liukuo362573/yishaadmin

Description: https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/UploadFile" that allows uploading files without authentication. Root cause: The server doesn't check the user's permission when an attacker accesses the endpoint. After that, the server will directly call the UploadFile function wi...

AI score 1.1
Exploits: 0
Gitee
added 2021/09/16 1:42 p.m. | 1 views

vulhub

This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...

AI score 7.9
Exploits: 0
Gitee
added 2021/08/05 4:38 p.m. | 4 views

vulhub111

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...

AI score 7.1
Exploits: 0