
252572 matches found

Cvelist
added 2026/05/06 11:27 a.m., 28 views

CVE-2026-43150 perf/arm-cmn: Reject unsupported hardware configurations

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations. So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

CVSS 7.8, EPSS 0.00139
Exploits 0, References 6
Debian CVE
added 2026/05/06 11:27 a.m., 4 views

CVE-2026-43143

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfd_of_node_list'. Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfd_of_node_list' to prevent possible crashes...

CVSS 5.5, AI score 5.7, EPSS 0.00128
Exploits 0
CVE
added 2026/05/06 11:27 a.m., 12 views

CVE-2026-43143

In the Linux kernel, CVE-2026-43143 fixes a concurrency issue in the multi-function device (mfd) core: access/modification of the mfd_of_node_list was not mutex-protected, risking unsafe list manipulation and potential crashes. The fix adds a mutex to guard this list, reducing crash likelihood. P...

CVSS 5.5, AI score 5.8, EPSS 0.00128
Exploits 0, References 6, Affected Software 1
OSV
added 2026/05/06 9:15 a.m., 5 views

MAL-2026-3353 Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits 0
GithubExploit
added 2026/05/06 6:32 a.m., 210 views

copy.fail.ocp-poc

Copy Fail CVE-2026-31431 — Kubernetes Container Escape PoC...

CVSS 7.8, AI score 6, EPSS 0.96775
Exploits 228
OSSF Malicious Packages
added 2026/05/06 6:20 a.m., 9 views

Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits 0
OSV
added 2026/05/06 6:20 a.m., 7 views

MAL-2026-3352 Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits 0
CNNVD
added 2026/05/06 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to call of_node_put to release device node references in the nct7363presentpwmfanin...

CVSS 5.5, AI score 5.8, EPSS 0.00121
Exploits 0, References 2
CNNVD
added 2026/05/06 12:0 a.m., 10 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the CNID counting check used in the HFS file system. This bug can trigger errors when the MDB is...

CVSS 5.5, AI score 5.8, EPSS 0.00112
Exploits 0, References 2
Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-37576

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the Linux kernel within the drm/atmel-hlcdc component. The atmel_hlcdc_plane_atomic_duplicate_state callback copies the atmel_hlcdc_plane_state structure...

CVSS 7.8, AI score 5.4, EPSS 0.00135
Exploits 0, References 18
Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-37455

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A potential memory leak exists in the probe function of the ti fpc202 driver. This issue occurs because device node references are not consistently released, which can lead to memory...

CVSS 5.5, AI score 5.5, EPSS 0.00121
Exploits 0, References 11
CNNVD
added 2026/05/06 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cpumask_of_node function in the LoongArch architecture being unable to handle NUMA_NO_NODE,...

CVSS 7.8, AI score 5.8, EPSS 0.00139
Exploits 0, References 1
GitLab Advisory Database
added 2026/05/06 12:0 a.m., 11 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

CVSS 9.8, AI score 5.8, EPSS 0.00339
Exploits 1, References 3, Affected Software 1
GitLab Advisory Database
added 2026/05/06 12:0 a.m., 18 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

CVSS 6.5, AI score 5.8, EPSS 0.00295
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37837

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

CVSS 7.5, AI score 6.8, EPSS 0.00527
Exploits 1, References 4
Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37483

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A lack of mutual exclusion when manipulating the mfd_of_node_list list in the kernel can lead to potential system crashes. This occurs because accessing or modifying the list without...

CVSS 5.5, AI score 5.8, EPSS 0.00128
Exploits 0, References 17
Positive Technologies
added 2026/05/06 12:0 a.m., 18 views

PT-2026-38298

Name of the Vulnerable Software and Affected Versions: Hugo versions prior to 0.161.0. Description: When building a site that utilizes Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, the software invokes configured Node tools without restrictions on file system access. This allows...

CVSS 8.6, AI score 5.8, EPSS 0.00274
Exploits 0, References 13
Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-38035

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8, AI score 7.1, EPSS 0.00324
Exploits 1, References 4
Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-37536

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A double free issue exists in the pruss_clk_mux_setup function. The devm_add_action_or_reset function indirectly triggers pruss_of_free_clk_provider, which executes of_node_put(clk_mux_np)...

CVSS 7.8, AI score 5.4, EPSS 0.00139
Exploits 0, References 18
CNNVD
added 2026/05/06 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the device_node reference count is not properly decremented after the ofparsephandle...

CVSS 5.5, AI score 5.8, EPSS 0.00114
Exploits 0, References 1