629 matches found
PT-2026-1533
Name of the Vulnerable Software and Affected Versions: versions prior to 2025
Description: A memory corruption issue exists during the deinitialization of a High-bandwidth Digital Content Protection (HDCP) session. HDCP is a form of digital copy protection designed to prevent copying of digital audio...
PT-2026-1543
Name of the Vulnerable Software and Affected Versions: versions prior to 2025
Description: A memory corruption issue exists when accessing resources within a kernel driver. The issue could allow for unexpected behavior or system instability.
Recommendations: At the moment, there is no information...
PT-2026-6116
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18.0 10
Description: The Linux kernel contains a flaw within the virtio net subsystem. Specifically, an inconsistency exists in how memory is allocated and freed for the RSS header. The initial allocation uses...
Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse
Government staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities...
PT-2025-53118
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: The Linux kernel contains an issue within the md/raid5 component. A double-free condition can occur during chunk-sized reads on disks with badblocks due to an unnecessary bio put call in...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory corruption that could lead to system instability...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free issue with usbgadgetstatework, which could lead to system instability...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double-free issue in the MOST subsystem, which could lead to system instability...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a call to a function in an atomic context that could cause a sleep, potentially leading to system instabilit...
CVE-2023-53874
Summary: CVE-2023-53874 affects GOM Player 2.3.90.5360. The issue is a buffer overflow in the equalizer preset name input field, with exploitation described as overwriting the preset name by 260 'A' characters, leading to application instability or a crash.
What’s affected: GOM Player version 2.3...
Qnap QTS and QuTS hero Improper Handling of URL Encoding (CVE-2024-48866)
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory corruption that could lead to system instability...
PT-2026-2531
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: An integer underflow issue exists in the cffrml receive function when handling packets with FCS disabled. The function extracts a length field from the packet header and subtracts 2 from...
PT-2025-53003
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: The Linux kernel contains an issue where the return value from change memory common is not properly propagated. The rodata=on security measure requires protection of the linear map alias...
kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values
A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...
BIT-LIMESURVEY-2025-41075 Multiple vulnerabilities in Limesurvey
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS) attack by exhausting server or client resources. The system is unable to break the redirect loop, which can...
thread-amount security vulnerability
thread-amount is a tool by individual developer jez for getting the number of threads in the current process. A security vulnerability exists in thread-amount versions prior to 0.2.2, which stems from a resource leak that could lead to system instability or process termination...
CVE-2025-41075
LimeSurvey 6.13.0 has a vulnerability in the /optin endpoint that causes infinite HTTP redirects, enabling a DoS by exhausting server or client resources. Multiple connected sources (NVD, OSV, Red Hat, CIRCL, Snyk) confirm the issue and its impact (service degradation, potential browser instabili...
Security Advisory 0126
Date: November 18, 2025

Revision | Date | Changes
---|---|---
1.0 | November 18, 2025 | Initial release

The following issues were discovered during regular penetration testing of Arista’s EOS. Issues detailed cover CloudVision Exchange (CVX) based features includin...
Malicious code in nana-telur46-sluey (npm)
Source: amazon-inspector 8d4f4cef6f52723c3603f6e5e90b0395422af015a85e9fe696de32bf2015c1db
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...