
29 matches found

Positive Technologies
added 2026/05/01 12:0 a.m., 4 views

PT-2026-36418

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback. aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013532 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its...

5.6 AI score, 0.00029 EPSS
Exploits: 0, References: 4
GithubExploit
added 2026/01/26 12:8 p.m., 173 views

Exploit for CVE-2026-22686

CVE-2026-22686 Web Application PoC Critical Sandbox Escape...

10 CVSS, 6.2 AI score, 0.00274 EPSS
Exploits: 3
Veracode
added 2026/01/19 9:19 a.m., 3 views

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

10 CVSS, 6.1 AI score, 0.00274 EPSS
Exploits: 3, References: 3, Affected Software: 1
EUVD
added 2026/01/14 4:52 p.m., 2 views

EUVD-2026-2463

enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain...

10 CVSS, 6.4 AI score, 0.00274 EPSS
Exploits: 3, References: 4
Github Security Blog
added 2026/01/14 4:52 p.m., 8 views

enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain

A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...

10 CVSS, 7.8 AI score, 0.00274 EPSS
Exploits: 3, References: 4, Affected Software: 1
Snyk
added 2026/01/13 11:50 p.m., 3 views

Protection Mechanism Failure

Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Protection Mechanism Failure via the exposure of a host-side Error object to sandboxed code, which retains its host realm prototype chain. An attacker can intentionall...

10 CVSS, 7.1 AI score, 0.00274 EPSS
Exploits: 3, References: 2
Vulnrichment
added 2026/01/13 11:11 p.m., 2 views

CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...

10 CVSS, 7.6 AI score, 0.00274 EPSS
Exploits: 3, References: 2
Positive Technologies
added 2026/01/13 12:0 a.m., 2 views

PT-2026-2792

Name of the Vulnerable Software and Affected Versions: Enclave versions prior to 2.7.0 Description: Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical sandbox escape issue exists in enclave-vm, allowing untrusted JavaScript code to execute arbitrary code in the...

10 CVSS, 7.7 AI score, 0.00274 EPSS
Exploits: 3, References: 11
OSV
added 2025/12/30 1:15 p.m., 0 views

UBUNTU-CVE-2022-50846

In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove path, mmc_remove_hos...

5.7 AI score, 0.0004 EPSS
Exploits: 0, References: 12
Positive Technologies
added 2025/12/30 12:0 a.m., 7 views

PT-2025-54122

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The mmc_add_host() function may return an error, and if this return value is ignored, memory allocated in mmc_alloc_host() can be leaked. This memory leak can lead to a kernel crash during...

7.8 CVSS, 7 AI score, 0.00249 EPSS
Exploits: 2, References: 899
Positive Technologies
added 2025/12/08 12:0 a.m., 2 views

PT-2025-49459

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel where the mmc_add_host() function's return value is not properly checked. If mmc_add_host() returns an error, the allocated memory in mmc_alloc_host() is...

7.8 CVSS, 6.8 AI score, 0.00249 EPSS
Exploits: 2, References: 897
OSV
added 2025/10/17 2:55 p.m., 3 views

OESA-2025-2468 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be...

8 CVSS, 5.9 AI score, 0.0006 EPSS
Exploits: 0, References: 19
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-55588

Malicious code in bioql PyPI...

6.3 AI score, 0.00022 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2025/09/17 12:0 a.m., 2 views

PT-2025-38163

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The mmc_add_host() function may return an error, and failing to check this return value can lead to a memory leak. This memory leak occurs because memory allocated in mmc_alloc_host() is n...

6.1 AI score, 0.00021 EPSS
Exploits: 0, References: 10
Cvelist
added 2025/09/16 4:11 p.m., 4 views

CVE-2022-50347 mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()

In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not...

0.0002 EPSS
Exploits: 0, References: 9
Positive Technologies
added 2025/09/16 12:0 a.m., 1 view

PT-2025-38016

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel where the mmc_add_host() function’s return value was not properly checked. Failing to check the return value could lead to a memory leak within the mmc...

5.8 AI score, 0.0002 EPSS
Exploits: 0, References: 11
OSV
added 2025/09/15 2:15 p.m., 1 view

UBUNTU-CVE-2022-50251

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added...

5.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits: 0, References: 12
OSV
added 2025/09/15 2:2 p.m., 0 views

CVE-2022-50251 mmc: vub300: fix return value check of mmc_add_host()

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmc_add_host(). mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added...

5.5 CVSS, 6.1 AI score, 0.0002 EPSS
Exploits: 0, References: 12
RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: mmc: toshsd: fix return value check of mmc_add_host()

A flaw was found in the Linux kernel's Toshiba SD/MMC card reader driver (toshsd). The driver fails to check the return value of mmc_add_host(). If this function fails, memory allocated by mmc_alloc_host() is leaked, and a subsequent driver removal attempt will crash the kernel by trying to delete a device...

5.8 AI score, 0.0004 EPSS
Exploits: 0, References: 5