2992 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Thermal/debugfs: Fixed two locking issues related to the thermal zone debug. With the current locking mechanism for thermal zones in the debugfs code, user space can open the “mitigations” file for a thermal zone before the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures. Rename the configuration for x86 to CPUMITIGATIONS, define it in the generic code, and apply it to all architectures except x86. A recent commit that turned...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel’s EBPF verifier when handling internal data structures. Internal memory locations could be exposed to userspace. A local attacker with the permission to insert eBPF code into the kernel can exploit this vulnerability to leak internal kernel memor...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Fedora 43 : kernel (2026-3f85a4eba7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f85a4eba7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFLSHAREDFRAG page-cache corruption vulnerability as well as some mitigations for PinTheft Tenable has...
Fedora 44 : kernel (2026-57965ac9f7)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-57965ac9f7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFLSHAREDFRAG page-cache corruption vulnerability as well as some mitigations for PinTheft Tenable has...
CVE-2026-7860
CVE-2026-7860 describes an information-disclosure risk in Vaadin build tools: Vaadin Maven/Gradle plugins can print the full set of environment variables to build logs when a frontend build fails (non-zero exit). This can expose credentials/secrets in CI logs and artifacts. Affected ranges and fi...
Fedora 44 : kernel (2026-346fbec5d5)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-346fbec5d5 advisory. The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy...
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency c...
CVE-2026-26062 Fleet server may terminate unexpectedly when handling certain gRPC requests
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...
Exploit for CVE-2017-0144
💀 EternalBlue MS17-010 Exploitation Research Controlled r...
CVE-2026-44167
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...
Five Attacks on X402 Agentic Payment Protocol
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 — "Copy Fail" Safe Detection Script A read-o...
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...
Poly Clariti Manager – May 2026 Security Update
Multiple potential security vulnerabilities have been identified on Poly Clariti Manager, on-premises management platform. These vulnerabilities are related to Berkeley Internet Name Domain BIND, which is an open-source protocol. HP has released updates to mitigate the potential vulnerabilities. ...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
check-copyfail check-copyfail.sh is a read-only Bash script...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 "Copy Fail" — Safe Probe Suite !License: MIT...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
copy-success — CVE-2026-31431 Compensating Control A defensiv...