1178 matches found
EUVD-2026-42373
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...
CVE-2026-59804
Midscene Bridge Server (affected: 1.10.3 and earlier) has a missing authentication and CORS misconfiguration that permits unauthenticated remote hijacking of active bridge sessions via a cross-origin WebSocket to the local Socket.IO server. The server does not validate Origin headers and requires...
EUVD-2026-25017
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes system crash / DoS...
Linux Distros Unpatched Vulnerability : CVE-2026-53112
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled wh...
CVE-2026-53112
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
CVE-2026-53112 wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
CVE-2026-52976 drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl()
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the error path jumps to putexecqueue which skips xeexecqueuekill. If the VM...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ACPI: APEI: Send SIGBUS to the current task if a synchronous memory error is not recovered. If a synchronous error is detected due to a user-space process triggering a 2-bit uncorrected error, the CPU will raise an exception,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a deadlock between nfcunregisterdevice and rfkillfopwrite. A deadlock can occur between nfcunregisterdevice and rfkillfopwrite due to the inverted lock order between devicelock and rfkillglobalmutex. The problemat...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fixed a use-after-free issue in tasklets during device removal When the PCA-200E or SBA-200E adapter is detached, the fore200e is deallocated. However, the txtasklet or rxtasklet may still be running or pending,...
Malicious code in @my_name_is_khn/express-security-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...
MAL-2026-5550 Malicious code in @my_name_is_khn/express-security-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...
Malicious code in express-self-destruct (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...
MAL-2026-5553 Malicious code in express-self-destruct (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...
Improper Resource Shutdown or Release
Overview @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...
offensive-claude-533
Offensive Security Research Config for Claude Code !TIP...
offensive-claude-604
Offensive Security Research Config for Claude Code !TIP...
offensive-claude-813
Offensive Security Research Config for Claude Code !TIP...
offensive-claude-982
Offensive Security Research Config for Claude Code !TIP...