141 matches found
CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...
SUSE CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966
CVE-2026-45966 concerns a Linux kernel/AppArmor regression. When receiving file descriptors via SCM_RIGHTS, both sock and sock->sk can be NULL, leading to NULL pointer dereferences in __unix_needs_revalidation() and a crash. The issue stems from added NULL checks in a new function without ensu...
CVE-2026-45966 apparmor: fix NULL pointer dereference in __unix_needs_revalidation
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45966 apparmor: fix NULL pointer dereference in __unix_needs_revalidation
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
PT-2026-43833
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.17 through 6.17 Description A NULL pointer dereference occurs in the unix needs revalidation function when receiving file descriptors via SCM RIGHTS. During socket setup or teardown, both the socket pointer and the...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking for sock and sock-sk pointers in unixneedsrevalidation, potentially leading to nul...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhimbimdellink The MHI driver registers a network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregistering the network device, causing a memory leak. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fixed a null pointer crash in mtkdrmcrtcfinishpageflip. It is possible that mtkcrtc-event is NULL in mtkdrmcrtcfinishpageflip. The pendingneedsvblank value is set by mtkcrtc-event. However, in mtkdrmcrtcatomicFlush,...
Analysis of Personal Data Exposure in Thailand
In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...
Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks
As the capabilities of large language models continue to advance, so does their potential for misuse. While closed-source models typically rely on external defenses, open-weight models must primarily depend on internal safeguards to mitigate harmful behavior. Prior red-teaming research has largel...
CVE-2026-23174 nvme-pci: handle changing device dma map requirements
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dmaneedsunmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Posted by Natalie Silvanovich Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to...
Cybersecurity Competence for Organisations in Inner Scandinavia
A rapidly growing number of cybersecurity threats and incidents demands that Swedish organisations increase their efforts to improve their cybersecurity capacities. This paper presents results from interviews and a prior survey with key representatives from enterprises and public sector...
EUVD-2025-12921
Malicious code in bioql PyPI...
EUVD-2023-35215
Malicious code in bioql PyPI...
EUVD-2025-26166
Malicious code in bioql PyPI...
Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems
The growing use of Internet of Things IoT technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT mIoT devices exposes patient data to cyber threats. This study investigates such vulnerabiliti...
Linux Distros Unpatched Vulnerability : CVE-2025-39820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add a null ptr check for dpuencoderneedsmodeset The drmatomicgetnewconnectorsta...
CVE-2025-55244
creationtimestamp| type| source ---|---|--- 2025-09-05 01:53:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ly2kht2irj2i 2025-09-05 03:01:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3ly2oamowsh2v 2025-09-05 06:26:50+00:00| seen|...