EUVD-2026-38978

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend...

CVE-2023-31918

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the parserparsefunctionarguments at jerry-core/parser/js/js-parser.c...

EUVD-2020-16068

Malware in sbrugna...

EUVD-2007-0553

Malware in sbrugna...

EUVD-2020-17078

Malware in sbrugna...

EUVD-2020-0198

Malware in sbrugna...

EUVD-2022-28035

Malicious code in bioql PyPI...

Improper Validation of Function Hook Arguments

Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...

Linux Distros Unpatched Vulnerability : CVE-2020-23320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion in 'contextp-nextscannerinfop-type == SCANNERTYPEFUNCTION' in parserparsefunctionarguments in JerryScript 2.2.0. CVE-2020-23320 Note that...

CVE-2025-38034

CVE-2025-38034 : The connected Azure Linux 3.0 Nessus entry confirms a Linux kernel issue affecting btrfs paths where btrfs__prelim_ref calls wrong order of oldref/newref, causing a NULL pointer dereference in trace_btrfs_prelim_ref_insert(). The backtrace shows the call path ending in prelim_ref...

Eval Injection

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Eval Injection via the functionmessage process. An attacker can execute arbitrary code by manipulating the functionname or functionargs arguments. Remediation There is ...

PYSEC-2025-122

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

Updated libpcap packages fix security vulnerabilities

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

CVE-2024-43910

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing checkfuncargregoff to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified CONSTPTRTODYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVE-2024-35229

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

CVE-2023-31918

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the parserparsefunctionarguments at jerry-core/parser/js/js-parser.c...

UBUNTU-CVE-2023-31918

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the parserparsefunctionarguments at jerry-core/parser/js/js-parser.c...

SUSE CVE-2007-0555

PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service server crash and possibly access...

abi.encodePacked Allows Hash Collision

Lines of code Vulnerability details Impact From the solidity documentation: If you use keccak256abi.encodePackeda, b and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked"a", "bc" ==...