CVE-2025-59610

CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...

USN-8352-1 libreoffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-45923

A flaw was found in the Linux kernel's net: usb: catc driver. A malformed Universal Serial Bus USB device can present endpoint descriptors with transfer types that differ from what the driver expects. This can lead to the driver attempting to use incorrect endpoint types, potentially causing...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the catcprobe function in the net/usb/catc driver. This function uses hardcoded endpoint pipelines to...

MAL-2026-4794 Malicious code in indextts-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc206ef48bfccaec8e81aac2b666e2d54a4a027e8432cc1d08d3823cf333caca setup.py executes git clone --depth 1 --branch dev-3.12 https://github.com/gabry-lab/index-tts during the buildpy / egginfo / sdist / bdistwheel...

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...

MAL-2026-4741 Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

Technitium DNS Amplification

RISK EVALUATION Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. 2. RECOMMENDED PRACTICES Fixed in version 15.0. 3. DESCRIPTION Technitium...

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to missing concurrent procedure validation in the SecurityMode and handleHandoverRequiredMain functions. An attacker can cause mismatches between security contexts, potentially...

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

Incorrect Authorization

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization in the POST /v3/credentials endpoint. An attacker...

Mismatched Memory Management Routines

Overview Affected versions of this package are vulnerable to Mismatched Memory Management Routines via the cglib process. An attacker can cause the server to crash by sending specially crafted input that triggers an invalid pointer error. Remediation Upgrade thrift to version 0.23.0 or higher...

UBUNTU-CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...

UBUNTU-CVE-2026-33602

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from a panic being triggered by HistoryTreeProof::verify in the nimiq-transaction when processing proofs with incorrect formats...