52 matches found

RedhatCVE
added 2026/05/27 8:10 p.m. | 7 views

CVE-2026-46049

A flaw was found in the ALSA (Advanced Linux Sound Architecture) ctxfi driver in the Linux kernel. When processing S/PDIF (Sony/Philips Digital Interface Format) passthrough playback at 32000 Hz, a missing update to the pllrate can cause an infinite loop. This can lead to a denial of service (DoS) for ...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00123
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6778

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00852
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 12:37 a.m. | 5 views

CVE-2022-40082

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00852
Exploits: 1 | References: 1

Malwarebytes
added 2025/04/21 7:1 a.m. | 22 views

A week in security (April 12 – April 18)

Last week on Malwarebytes Labs: Text scams grow to steal hundreds of millions of dollars; Apple patches security vulnerabilities in iOS and iPadOS. Update now!; Hi, robot: Half of all internet traffic now automated; "I sent you an email from your email account," sextortion scam claims; "Follow me" to...

AI score: 6.9
Exploits: 0

SUSE CVE
added 2025/04/18 11:18 p.m. | 6 views

SUSE CVE-2025-40014

In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq(). If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by...

CVSS: 6.6 | AI score: 7.7 | EPSS: 0.00194
Exploits: 0 | References: 16

HackRead
added 2025/04/16 12:19 p.m. | 5 views

Hertz Confirms Data Breach After Hackers Stole Customer PII

Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s…...

AI score: 7.3
Exploits: 0

Malwarebytes
added 2025/04/15 2:50 p.m. | 12 views

Hertz data breach caused by CL0P ransomware attack on vendor

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...

AI score: 7.4
Exploits: 0

SUSE CVE
added 2024/10/11 2:48 a.m. | 7 views

SUSE CVE-2024-47664

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware. If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware...

CVSS: 4.1 | AI score: 6.4 | EPSS: 0.00206
Exploits: 0 | References: 16

OSV
added 2024/06/19 3:15 p.m. | 2 views

DEBIAN-CVE-2021-47603

In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling. If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the userspace audit daemon. With...

CVSS: 4.4 | AI score: 5.2 | EPSS: 0.0018
Exploits: 0 | References: 1

Openbugbounty
added 2023/08/07 12:7 p.m. | 14 views

heinrich-hertz-schule-hamburg.de Cross Site Scripting vulnerability OBB-3570619

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

CNVD
added 2022/09/30 12:0 a.m. | 15 views

Hertz path traversal vulnerability

Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to...

AI score: 1.9 | EPSS: 0.00852
Exploits: 1 | Affected Software: 1

Veracode
added 2022/09/29 4:48 a.m. | 17 views

Path Traversal

github.com/cloudwego/hertz is vulnerable to path traversal. The vulnerability exists in the normalizePath function of uri.go because the backslash restrictions are not properly implemented, which allows an attacker to read any file on a Windows server...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00852
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/09/29 12:0 a.m. | 9 views

GHSA-C9QR-F6C8-RGXF Hertz contains path traversal via normalizePath function

Hertz is a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00852
Exploits: 1 | References: 5

Github Security Blog
added 2022/09/29 12:0 a.m. | 21 views

Hertz contains path traversal via normalizePath function

Hertz is a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00852
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2022/09/28 2:15 p.m. | 9 views

CVE-2022-40082

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

CVSS: 7.5 | EPSS: 0.00852
Exploits: 1 | References: 2

OSV
added 2022/09/28 2:15 p.m. | 12 views

CVE-2022-40082

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

CVSS: 7.5 | AI score: 7.5
Exploits: 0 | References: 2

Prion
added 2022/09/28 2:15 p.m. | 7 views

Path traversal

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00852
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/09/28 1:34 p.m. | 14 views

CVE-2022-40082

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

AI score: 7.8 | EPSS: 0.00852
Exploits: 1 | References: 2

Vulnrichment
added 2022/09/28 1:34 p.m. | 4 views

CVE-2022-40082

Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function...

AI score: 7.6 | EPSS: 0.00852
Exploits: 1 | References: 2

CVE
added 2022/09/28 1:34 p.m. | 45 views

CVE-2022-40082

CVE-2022-40082 affects Hertz (Go HTTP framework) v0.3.0 where the normalizePath function permits path traversal. The issue allows access to files outside the intended root and is described with a CVSS v3.1 base score of 7.5 (HIGH). A remediation exists: upgrade to v0.3.1, which is noted as patche...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00852
Exploits: 1 | References: 2 | Affected Software: 1