CVE-2026-43326

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value for “denominator” is initialized to 1. WHAT & HOW Variables that are used as denominators and may not be assigned to other values should be initialized to a non-zero value to avoid “DIVIDEBYZERO...

CVE-2026-0013

The CVE-2026-0013 advisory describes a vulnerability in PickActivity.java where the setupLayout flow can allow a DocumentsUI app to start any activity, enabling local escalation of privilege via a confused deputy without user interaction. The description notes no explicit exploitation prerequisit...

EUVD-2026-9231

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0013

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

OSV-2026-55 Use-of-uninitialized-value in vp9_quantize_fp_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475583924 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...

OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...

CVE-2021-41207

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVE-2021-41209

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

CVE-2021-41201

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000470)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000470 advisory. In the Linux kernel, picknextrtentity may return a type confused entry, not detected by the BUGON condition, as the confused entry will not be NULL, but listhead.The...

ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root

Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...

Malicious code in insomnia-plugin-random-pick (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8717488a1afc3be853313a0f8f243fa748188c0b321d8c9096182cf59bfbb1ed The package insomnia-plugin-random-pick was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199136

Malicious code in insomnia-plugin-random-pick npm...

EUVD-2021-27580

Malicious code in bioql PyPI...

CVE-2025-57993

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through = 5.5.0...

CVE-2025-54007

Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.11...

Linux Distros Unpatched Vulnerability : CVE-2025-21897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: schedext: Fix picktaskscx picking non-queued tasks when it's called without balance...

Malicious code in pick-redvelvet-member (npm)

The package pick-redvelvet-member was found to contain malicious code...

Malicious code in pick-some-keys (npm)

The package pick-some-keys was found to contain malicious code...