62 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/ucma: Protects the mc object during concurrent multicast operations. The commit mentioned in the “Fixes” section has been partially reverted to ensure that the allocation and erasure of multicast structures are locked...
PT-2026-41787
Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description A memory leak exists in the custom CappedConcurrentHashMap used for Java TLS state tracking. The remove function deletes entries from the map but fails to remove the...
PT-2026-37527
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where a small freemap at the end of the xattr entries array can experience a size underflow during array expansion. This can result in zero-length...
CVE-2026-27523
OpenClaw OpenClaw prior to version 2026.2.24 contains a sandbox bind-validation bypass vulnerability. The issue lets a bind source path that uses a symlinked parent with a non-existent leaf circumvent allowed-root and blocked-path checks, causing the path to resolve outside the sandbox and weaken...
Secure Group Key Agreement on Cyber-Physical System Buses
Cyber-Physical Systems CPSs rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes MACs. To avoid insecure fixed pre-shared keys and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004849)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004849 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fwlevel Though...
kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989002)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989002 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in...
CVE-2025-63294
WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected by an Insecure Permissions issue. An authenticated user can create leave or resignation records on behalf of other users due to improper permission settings. Documents across multiple sources (NVD, Red Hat, CNNVD, CVE catalogs, and security feed...
EUVD-2023-1907
Malicious code in bioql PyPI...
EUVD-2022-52683
Malicious code in bioql PyPI...
CVE-2023-53428
CVE-2023-53428 affects the Linux kernel powercap subsystem, specifically the arm_scmi implementation. The issue arises when powercap zones are retrieved from platforms and registered in a hierarchical tree; the current recursive walk can cause kernel stack overflow for large trees. The fix replac...
Linux Distros Unpatched Vulnerability : CVE-2022-49964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fwlevel Though acpifindlastcachelevel always returned signed value and the document...
SUSE CVE-2025-38230
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2022-49964 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fwlevel Though acpifindlastcachelevel always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to the cacheinfo array The loop that detects/populates cache information already includes a check on the array size. However, it does not take into account cache levels with separate...
CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
CVE-2022-34132
Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php...
CVE-2022-34133
Jorani v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the Comment parameter at application/controllers/Leaves.php...
CVE-2022-30931
Employee Leaves Management System ELMS V 2.1 is vulnerable to Cross Site Request Forgery CSRF via /myprofile.php...