11955 matches found

CVE
added 2026/04/24 2:42 p.m., 19 views

CVE-2026-31588

CVE-2026-31588 concerns the Linux kernel KVM MMIO handling bug where an MMIO write that spans multiple pages could reference on‑stack data, enabling a use‑after‑free path. The root cause is an internal temporary variable path during complete_emulated_mmio when emulated MMIO writes cross page boun...

CVSS: 8.8, AI score: 5.6, EPSS: 0.00128
Exploits: 0, References: 9, Affected Software: 1

CVE
added 2026/04/24 2:35 p.m., 9 views

CVE-2026-31569

The CVE-2026-31569 issue affects the Linux kernel’s LoongArch KVM path, where EIOINTC's coremap can be empty in eiointc_update_sw_coremap(), causing an out-of-bounds access to kvm_arch::phyid_map::phys_map[]. The described impact is system instability or a crash, with potential information disclo...

CVSS: 7.3, AI score: 5.4, EPSS: 0.0012
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2026/04/24 12:0 a.m., 171 views

Oracle Database Server (April 2026 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Security-in-Depth issue in the Spatial and Graph SQLite component of Oracle Database Server. This vulnerability cannot be exploited in the...

CVSS: 9.8, AI score: 6.7, EPSS: 0.64893
Exploits: 13, References: 29

CNNVD
added 2026/04/24 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the KVM SEV not locking all vCPUs when SNP completes synchronization and encryption of VMSA. This...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00122
Exploits: 0, References: 2

CNNVD
added 2026/04/24 12:0 a.m., 5 views

Multiple Apache products input validation error vulnerability

Apache ActiveMQ, among others, is a product of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware. Apache ActiveMQ Broker is an enterprise-level messaging proxy middleware that supports multiple protocols. Apache ActiveMQ All is a complete messaging...

CVSS: 8.8, AI score: 6.2, EPSS: 0.0069
Exploits: 0, References: 1

Positive Technologies
added 2026/04/24 12:0 a.m., 2 views

PT-2026-34905

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in kvm at swap desc Using "u64 user hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offse...

AI score: 5.3, EPSS: 0.0012
Exploits: 0, References: 3

Positive Technologies
added 2026/04/24 12:0 a.m., 1 views

PT-2026-34945

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the KVM component regarding SEV (Secure Encrypted Virtualization). The system fails to reject attempts to synchronize the vCPU state to its associated VMSA (Virtual Machi...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00576
Exploits: 0, References: 73

CNNVD
added 2026/04/24 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of stack-local variables as source data during KVM x86 MMIO writes. When writing data tha...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00128
Exploits: 0, References: 2

Positive Technologies
added 2026/04/24 12:0 a.m., 4 views

PT-2026-34944

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the KVM SEV component where the sev mem enc register region function is not fully protected by the kvm-lock. Because the sev guest function is unstable unless kvm-lock...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00499
Exploits: 0, References: 109

Positive Technologies
added 2026/04/24 12:0 a.m., 4 views

PT-2026-34943

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the KVM SEV component where vCPUs are not locked during the synchronization and encryption of VMSAs for SNP guests. If userspace manipulates or runs a vCPU while its...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00576
Exploits: 0, References: 72

NVD
added 2026/04/23 8:16 p.m., 3 views

CVE-2026-41270

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

CVSS: 8.3, EPSS: 0.00234
Exploits: 1, References: 1

OSV
added 2026/04/23 5:7 p.m., 1 views

MAL-2026-3020 Malicious code in @bitwarden/cli (npm)

Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

AI score: 5.7
Exploits: 0, References: 1

CNNVD
added 2026/04/23 12:0 a.m., 6 views

Noir security vulnerability

Noir is an open-source domain-specific language developed by noir-lang, used for SNARK proofs. Versions of Noir prior to 1.0.0-beta.19 contained a security vulnerability, caused by a nested array memory allocation error, which could lead to damage to the Brillig VM heap...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00365
Exploits: 0, References: 2

Positive Technologies
added 2026/04/23 12:0 a.m., 4 views

PT-2026-34832

Critical vulnerability in Anthropic Mythos and reported NSA adoption CVE-2026-21841 https://t.co/ZwHNBc0RF8 machinelearning ai...

AI score: 5.8
Exploits: 0, References: 1

Packet Storm News
added 2026/04/23 12:0 a.m., 3 views

Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice

This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...

AI score: 5.3
Exploits: 0

OSV
added 2026/04/22 2:49 p.m., 4 views

MAL-2026-2995 Malicious code in color-studio (npm)

Source: amazon-inspector d197fd4183100bf9c61d06d5f63aea39f8b61429628f3a13522d8b511a0482bb The package color-studio was found to contain malicious code. Source: ghsa-malware 3ea22c97ba975ced2d26e899fe9ac900d3e1df68314536f95416cf2b03b65472 A...

AI score: 5.7
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013515 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) Set the starting uABI siz...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00244
Exploits: 0, References: 4

CNVD
added 2026/04/22 12:0 a.m., 5 views

Oracle Database Server Java VM Component Data Disclosure Vulnerability

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00307
Exploits: 0

ATTACKERKB
added 2026/04/21 8:35 p.m., 2 views

CVE-2026-35229

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00307
Exploits: 0, References: 2, Affected Software: 1

Rapid7 Blog
added 2026/04/21 2:38 p.m., 11 views

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure VMware ESXi and core Windows file systems. This cross-platform...

AI score: 6.1
Exploits: 0