CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

EUVD-2026-38909

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a check for granularity in the dml ceil/floor helpers. Why The wrapper functions for dcnbwceil2 and dcnbwfloor2 should check that granularity is non-zero, to avoid assertion errors and divide-by-zero errors...

PT-2026-49553

Name of the Vulnerable Software and Affected Versions Starlette versions 1.0.1 and earlier Description In the HTTPEndpoint component, the handler is selected by lowercasing the HTTP method and looking it up as an attribute using getattr without restricting the lookup to a known set of HTTP verbs...

CVE-2026-53693

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

CVE-2026-53693 MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

SUSE CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

CVE-2025-71315

The CVE-2025-71315 entry describes a Linux kernel fix: the vkms vblank timer is replaced by the DRM vblank timer implementation, removing vkms’ hrtimer and routing through vkms’ handle_vblank_timeout via drm_crtc_helper_funcs. This clarifies the affected component as the vkms driver in the DRM su...

CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

TencentOS Server 2: kernel (TSSA-2026:0418)

"The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0418 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilitie...

TencentOS Server 3: kernel (TSSA-2026:0419)

"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0419 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilitie...

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

[SECURITY] Fedora 43 Update: perl-libwww-perl-6.83-1.fc43

The libwww-perl collection is a set of Perl modules which provides a simple a nd consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of...

ROOT-APP-NPM-CVE-2025-27789 CVE-2025-27789 in @rootio/babel__helpers - Patched by Root

Root has patched CVE-2025-27789 in the @rootio/babelhelpers package for Root:npm. Multiple fixed versions available...

CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

MAL-2026-5160 Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2026-5152 Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...