MAL-2026-3352 Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

PT-2026-37828

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cpumaskofnode function in the LoongArch architecture being unable to handle NUMANONODE,...

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

RHCOS 4 : OpenShift Container Platform 4.4.19 openshift (RHSA-2020:3579)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3579 advisory. - kubernetes: Node disk DOS by writing to container /etc/hosts CVE-2020-8557 Note that Nessus has not tested for this issue but has instead...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the devicenode reference count is not properly decremented after the ofparsephandle...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to call ofnodeput to release device node references in the nct7363presentpwmfanin...

PT-2026-38035

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

PT-2026-37837

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

PT-2026-37576

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel within the drm/atmel-hlcdc component. The atmel hlcdc plane atomic duplicate state callback copies the atmel hlcdc plane state structure...

PT-2026-37483

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lack of mutual exclusion when manipulating the mfd of node list list in the kernel can lead to potential system crashes. This occurs because accessing or modifying the list without...

PT-2026-37455

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential memory leak exists in the probe function of the ti fpc202 driver. This issue occurs because device node references are not consistently released, which can lead to memory...

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

PT-2026-38298

Name of the Vulnerable Software and Affected Versions Hugo versions prior to 0.161.0 Description When building a site that utilizes Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, the software invokes configured Node tools without restrictions on file system access. This allows...

Linux Distros Unpatched Vulnerability : CVE-2026-43165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the...

PT-2026-37552

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the LoongArch architecture, the cpumask of node function does not properly handle NUMA NO NODE, which is a valid index. Recommendations At the moment, there is no information about a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the CNID counting check used in the HFS file system. This bug can trigger errors when the MDB is...

PT-2026-37536

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the pruss clk mux setup function. The devm add action or reset function indirectly triggers pruss of free clk provider, which executes of node putclk mux np...

RHCOS 3 : OpenShift Container Platform 3.11.542 (RHSA-2021:3915)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3915 advisory. - kubernetes: Node disk DOS by writing to container /etc/hosts CVE-2020-8557 Note that Nessus has not tested for this issue but has instead...