CVE-2025-71300

CVE-2025-71300 affects the Linux kernel where U-Boot’s OP-TEE logic injects a reserved-memory node into the kernel device tree. A manually defined OP-TEE node in zynqmp.dtsi interferes with this process, causing memory access violations at runtime. The issue is described as resolved by reverting ...

CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

CVE-2026-43292

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

BIT-PYTHON-MIN-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

Malicious code in msal-browser-1p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b048f9df96df1367009fbcb80c4ad7b3ed89133bfe1fd86324c74e1c2d681c81 The package msal-browser-1p was found to contain malicious code. Source: ossf-package-analysis...

BIT-JRE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

BIT-JRE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

BIT-JRE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

Malicious code in playgod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...

CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

SUSE CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

NPM: short-video-maker has a path traversal vulnerability

NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There were security vulnerabilities in versions 2.2.0 to 4.3.1 of Zebra. These vulnerabilities stemmed from the JSON-RPC HTTP middleware disconnecting connections when the request body was not fully received,...

PT-2026-39000

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the f2fs finish read bio function may access uninitialized data in a folio if the system fails to read data from the device into that folio...

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...

PT-2026-38934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description When CONFIG PAGE OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge list withou...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities arise from errors in the snbeppci2phymapinit function during Intel uncore performance...

Linux Distros Unpatched Vulnerability : CVE-2026-43349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect cleanup of the affinitynode during kthread exit paths. This vulnerability may lead ...