251538 matches found
CVE-2026-36044
@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...
Debian dsa-6300 : node-shell-quote - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...
scramble - Remote Code Execution
Exploit Title: scramble - Remote Code Execution Google Dork: inurl:/docs/api.json "dedoc/scramble" Date: 2026-05-07 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll Vendor Homepage: https://scramble.dedoc.co Software Link: https://github.com/dedoc/scramble Version: =0.13.2,...
PT-2026-43897
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device_node leak in mc_probe(). of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never freed r5_core_node on any exit path, causing a memory leak. Fix thi...
CVE-2026-46030
EDAC/versalnet: Fix device_node leak in mc_probe()...
PT-2026-44156
Summary The built-in strip_html filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many |||/g, '' The regex contains four lazy patterns: 1. 2. 3. 4. For an input like 'script'.repeatN, the engine encounters N starting positions. At each one it mu...
PT-2026-43961
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker. decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node...
opentelemetry-js security vulnerability
opentelemetry-js is an open-source framework from OpenTelemetry - CNCF, designed for collecting traces, metrics, and logs from applications. Versions of opentelemetry-js prior to 0.217.0 contained a security vulnerability. This vulnerability stemmed from improper error handling in the URL parsing...
PT-2026-43792
In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermal_of_cm_lookup(). In thermal_of_cm_lookup(), tr_np is obtained via of_parse_phandle(), but never released. Use the __free(device_node) cleanup attribute to automatically release the node and fix the...
PT-2026-44129
Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hfs_bnode_create function in the hfsplus file system. This function returns a node when it...
CVE-2026-46067
mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp...
PT-2026-43887
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp. Patch series "mm/damon/core: validate damos_quota_goal->nid". node_memcg_{used,free}_bp DAMOS quota goals receive the node id. The node id is used for si_meminfo...
PT-2026-43856
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe(). The function testdrv_probe() retrieves the device node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the testdrv_probe function in unittest that leads to the improper release of device...
systeminformation OS command injection vulnerability
SystemInformation is an npm software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...
PT-2026-43905
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye(). A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...
PT-2026-43870
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the qrtr server does not limit the number of nodes. This could allow malicious...
Budibase security vulnerability
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the raw...