10 matches found

Vulnrichment
added 3 days ago, 4 views

CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/06 7:40 a.m., 1 view

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events. brcmf_fweh_handle_if_event validates the firmware-provided interface index before it touches drvr->iflist, but it still uses the raw bsscfgidx field as an array index without a...

AI score 5.7 | EPSS 0.00035
Exploits: 0 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/05/06 12:00 a.m., 2 views

PT-2026-37420

Name of the Vulnerable Software and Affected Versions: Linux Kernel, affected versions not specified. Description: In the brcmfmac component of the Linux kernel, the brcmf_fweh_handle_if_event function fails to perform a range check on the bsscfgidx field provided by the firmware. This allows the raw...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 9
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in libvirt

A flaw was discovered in libvirt. A refactoring of the code that retrieves the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case could lead to a NULL pointer being dereferenced, causing the...

CVSS 6.2 | AI score 6.5 | EPSS 0.00077
Exploits: 0 | References: 2
CNNVD
added 2025/09/29 12:00 a.m., 1 view

ThriveX-Blog security vulnerability

ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog versions 2.5.9 through 3.1.3, which originates from the unauthenticated /api/assistant/list endpoint and could lead to the disclosure of sensitive information...

CVSS 9.8 | AI score 6.5 | EPSS 0.00198
Exploits: 0 | References: 2
Packet Storm News
added 2025/09/17 12:00 a.m., 3 views

Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing

Automated malware classification has achieved strong detection performance. Yet, malware behavior auditing seeks causal and verifiable explanations of malicious activities -- essential not only to reveal what malware does but also to substantiate such claims with evidence. This task is challengin...

AI score 7
Exploits: 0
RedHat Linux
added 2025/05/13 8:28 a.m., 1 view

kernel: wifi: rtw89: avoid to add interface to list twice when SER

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER. If SER L2 occurs during the WoWLAN resume flow, the add interface flow is triggered by ieee80211_reconfig. However, due to rtw89_wow_resume return failure, it will cause the...

CVSS 5.5 | AI score 6.5 | EPSS 0.00007
Exploits: 0 | References: 5
Positive Technologies
added 2024/08/30 12:00 a.m., 3 views

PT-2024-6094

Name of the Vulnerable Software and Affected Versions: libvirt, affected versions not specified. Description: A flaw was found in libvirt related to a NULL-pointer dereference. This issue occurs due to a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer, leading to...

CVSS 6.2 | AI score 6.4 | EPSS 0.00626
Exploits: 0 | References: 51
OSV
added 2024/08/23 11:08 a.m., 1 view

OESA-2024-2011 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces...

CVSS 5.5 | AI score 6.6 | EPSS 0.00059
Exploits: 0 | References: 2
Redos
added 2024/04/23 12:00 a.m., 28 views

ROS-20240423-02

A vulnerability in the g_new0 function of the libvirt virtualization management library is related to incorrect checking of negative array length before memory allocation. Exploitation of the vulnerability could allow an attacker to cause a denial...

CVSS 6.2 | AI score 6.3 | EPSS 0.00059
Exploits: 0