394 matches found
CVE-2026-46076
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...
Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain
Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Loads the TSC multiplier of L1 based on L1’s state, not L2’s state. When emulating a nested VM-Exit, the TSC multiplier of L1 is loaded if L1’s desired ratio does not match the current ratio. This does not occur if L1’...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013809)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013809 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-20892
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...
EUVD-2026-11101
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
EUVD-2026-11091
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
EUVD-2026-11087
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-20892
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
CVE-2026-27842
CVE-2026-27842 affects Micro Research MR-GM5L-S1 and MR-GM5A-L1. The issue is an authentication bypass (CWE-288 per JVNDB) that could let an attacker bypass authentication and change device configuration. Severity is reflected as CRITICAL in multiple sources, with CVSSv3.0/4.0 scores indicating n...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
EUVD-2026-11102
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...