
135 matches found

Nuclei
added 7 hours ago | 8 views

Mongoose - NoSQL Injection

NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...

9.8 CVSS | 8.4 AI score | 0.61666 EPSS
Exploits: 3 | References: 4

SUSE CVE
added 2026/05/28 3:54 a.m. | 7 views

SUSE CVE-2026-45989

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...

5.7 AI score | 0.00024 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/05/27 3:33 p.m. | 7 views

EUVD-2026-32285

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...

5.7 AI score | 0.00024 EPSS
Exploits: 0 | References: 6

CVE
added 2026/05/27 12:55 p.m. | 13 views

CVE-2026-45989

In the Linux kernel CVE-2026-45989, a use-after-free occurs in testdrv_probe() where a released device_node (via of_node_put) may later be passed to of_platform_default_populate(), risking use-after-free of the freed pointer. The root cause is that pdev->dev.of_node is owned by the device mode...

5.7 AI score | 0.00024 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/05/27 12:55 p.m. | 31 views

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...

0.00024 EPSS
Exploits: 0 | References: 5

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/gic-v3: A refcount leak was fixed in gic_populate_ppi_partitions(). The function of_find_node_by_phandle() returns a node pointer with a refcount incremented. We should use of_node_put() on it when there is no longer a need for it. A...

5.5 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/08 12:0 a.m. | 64 views

CVE-2024-53326

CVE-2024-53326 affects LINQPad before 5.52.01 Pro. The vulnerability is an unsafe deserialization in LINQPad.AutoRefManager::PopulateFromCache(), which leads to code execution. The connected sources confirm the same description across EUVD-2024-55573 and NVD/CVE records. Public exploitation detai...

7.3 CVSS | 5.9 AI score | 0.03466 EPSS
Exploits: 5 | References: 2

ATTACKERKB
added 2026/05/08 12:0 a.m. | 4 views

CVE-2024-53326

LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache, leading to code execution...

7.3 AI score | 0.03466 EPSS
Exploits: 5 | References: 4

Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-38669

Name of the Vulnerable Software and Affected Versions: LINQPad Pro edition versions prior to 5.52.01. Description: Unsafe Deserialization occurs in the PopulateFromCache function within LINQPad.AutoRefManager, which can lead to remote code execution. Recommendations: Update to version 5.52.01 or late...

7.3 CVSS | 7.5 AI score | 0.03466 EPSS
Exploits: 5 | References: 5

Vulnrichment
added 2026/05/08 12:0 a.m. | 4 views

CVE-2024-53326

LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache, leading to code execution...

7.3 AI score | 0.03466 EPSS
Exploits: 5 | References: 2

NVD
added 2026/05/06 12:16 p.m. | 1 views

CVE-2026-43224

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix sg_table leak on mapping failures. In an unlikely case when io_populate_area_dma() fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine, io_zcrx_map_area() will have an initialised and not freed table. ...

5.5 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 11:26 a.m. | 2 views

CVE-2021-28707

PoD operations on misaligned GFNs. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...

8.8 CVSS | 7.3 AI score | 0.00086 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:25 a.m. | 2 views

CVE-2021-28704

PoD operations on misaligned GFNs. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...

8.8 CVSS | 7.3 AI score | 0.00086 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2025/12/10 12:38 a.m. | 3 views

SUSE CVE-2022-50657

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasan_init. Hi Atish, It seems that the panic is due to the missing memcpy during kasan_init. Could you please check whether this patch is helpful? When doing kasan_populate, the new allocated...

6.5 AI score | 0.00026 EPSS
Exploits: 0 | References: 3

Microsoft CVE
added 2025/11/27 9:5 a.m. | 3 views

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

...

6.5 CVSS | 7 AI score | 0.00253 EPSS
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 2 views

Malicious code in billa-43 (npm)

Source: amazon-inspector (82a42a69b8cf15c5a42c3ee2b54f2aecacde0e9d7aba1da4df938d42b6e15ada). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2025/11/05 12:0 a.m. | 0 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988807 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions. of_get_child_by_name() returns a node...

5.5 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-8213

Malware in sbrugna...

6.5 CVSS | 7.3 AI score | 0.00051 EPSS
Exploits: 0 | References: 13

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0512

Malware in sbrugna...

6.1 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits: 1 | References: 5

Microsoft CVE
added 2025/10/02 1:6 a.m. | 5 views

mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()

...

5.5 CVSS | 7 AI score | 0.00016 EPSS
Exploits: 0