BIT-JRE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

BIT-JRE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

Malicious code in playgod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...

CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

SUSE CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

NPM: short-video-maker has a path traversal vulnerability

NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...

PT-2026-38995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel within the perf/x86/intel/uncore component regarding die ID initialization and lookup. In the snbep pci2phy map init function, when nr node ids is...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities arise from errors in the snbeppci2phymapinit function during Intel uncore performance...

zebra 安全漏洞

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...

PT-2026-39149

Name of the Vulnerable Software and Affected Versions ZEBRA versions prior to 4.4.0 Description A composite denial-of-service issue in the block discovery pipeline allows an unauthenticated remote attacker to permanently stop all new block discovery on a targeted node. The attack leverages three...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect cleanup of the affinitynode during kthread exit paths. This vulnerability may lead ...

PT-2026-38849

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

PT-2026-39000

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the f2fs finish read bio function may access uninitialized data in a folio if the system fails to read data from the device into that folio...

PT-2026-38934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description When CONFIG PAGE OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge list withou...

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There were security vulnerabilities in versions 2.2.0 to 4.3.1 of Zebra. These vulnerabilities stemmed from the JSON-RPC HTTP middleware disconnecting connections when the request body was not fully received,...

Linux Distros Unpatched Vulnerability : CVE-2026-43349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in...

query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

Prototype Pollution

Overview parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...

GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...