35 matches found
EUVD-2026-32370
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling. The recent commit 1010b4c012b0 ("powerpc/eeh: Make EEH driver device hotplug safe") restructured the EEH driver to improve synchronization with the PCI...
CVE-2026-45904
CVE-2026-45904 – powerpc/eeh locking fix in Linux kernel: The vulnerability was resolved by a patchset that corrects recursive locking between EEH (Enhanced Error Handling) and PCI hotplug logic. The root cause was that eeh_handle_normal_event() acquired pci_lock_rescan_remove() before calling e...
CLSA-2026-1779127797 libpng15: Fix of CVE-2026-34757
CVE-2026-34757: Use snapshot-before-free and defer-free patterns to prevent use-after-free when a caller passes a pointer obtained from png_get_PLTE, png_get_tRNS, png_get_hIST, png_get_text, png_get_sPLT, or png_get_unknown_chunks back into the corresponding setter (issues 836 and 837)...
vm2 security vulnerability
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 had a security vulnerability. This vulnerability stemmed from the neutralizeArraySpeciesBatch method...
CLSA-2026-1773830791 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix out-of-bounds read in sftp_extensions_get_name and sftp_extensions_get_data when idx equals the extension count...
kernel: smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard(). Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference...
CVE-2025-39693
CVE-2025-39693: In the Linux kernel, the vulnerability affects the DRM AMD display path (drm/amd/display) where NULL pointers could be dereferenced via drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state(). The description states the root cause is that these functions can return NUL...
CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard(). Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference...
DEBIAN-CVE-2024-38573
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference. cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix...
UBUNTU-CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get(). The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller...
Prototype Pollution
plotly.js is vulnerable to Prototype Pollution. The vulnerability is caused by missing validation against the __proto__ attribute and other internal getters and setters. An attacker can pollute the prototype with properties containing harmful values, which is subsequently used by application...
Information Disclosure
@strapi/utils, @strapi/strapi and @strapi/database are vulnerable to Information Disclosure. The vulnerability exists due to the use of getters for private attributes, which allows an attacker to view sensitive attributes because the privateAttributes may be removed unintentionally...
SUSE CVE-2013-1737
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...
SUSE CVE-2014-1481
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...
SUSE CVE-2016-1679
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via...
UniswapConfig getters return wrong token config if token config does not exist
Handle: @cmichelio. Vulnerability details: The UniswapConfig.getTokenConfigBySymbolHash function does not work as getSymbolHashIndex returns 0 if there is no config token for that symbol (uninitialized map value), but the outer function implements the non-existence check with -1...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napi_get_value_string_latin1, napi_get_value_string_utf8, or napi_get_value_string_utf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...
JavaScriptCore GetterSetter Type Confusion
JSC: GetterSetter type confusion during DFG compilation The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter =...
Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Chrome: V8: Type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl CVE-2018-6064 Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle...
Google Chrome V8 - ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Exploit for multiple platform in category dos / poc / Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle object, Handle valuesorentries, bool...