139 matches found
Mongoose - NoSQL Injection
NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...
SUSE CVE-2026-45989
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...
EUVD-2026-32285
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core...
CVE-2026-45989
CVE-2026-45989: Linux kernel use-after-free in unittest testdrv_probe() is mitigated in openSUSE/Root environments by updating kernel-devel to 7.0.11-1.1. The initial description explains that testdrv_probe() retrieves a device_node from the PCI device, applies an overlay, and then calls of_node_...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: irqchip/gic-v3: A refcount leak was fixed in gic_populate_ppi_partitions. The of_find_node_by_phandle function returns a node pointer with a refcount incremented. We should use of_node_put on it when there is no longer a need for it. A...
CVE-2024-53326
CVE-2024-53326 affects LINQPad before 5.52.01 Pro. The vulnerability is an unsafe deserialization in LINQPad.AutoRefManager::PopulateFromCache(), which leads to code execution. The connected sources confirm the same description across EUVD-2024-55573 and NVD/CVE records. Public exploitation detai...
PT-2026-38669
Name of the Vulnerable Software and Affected Versions LINQPad Pro edition versions prior to 5.52.01 Description Unsafe Deserialization occurs in the PopulateFromCache function within LINQPad.AutoRefManager, which can lead to remote code execution. Recommendations Update to version 5.52.01 or late...
CVE-2024-53326
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache, leading to code execution...
CVE-2026-43224
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix sg_table leak on mapping failures In an unlikely case when io_populate_area_dma fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine, io_zcrx_map_area will have an initialised and not freed table. ...
CVE-2021-28707
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...
SUSE CVE-2022-50657
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasan_init Hi Atish, It seems that the panic is due to the missing memcpy during kasan_init. Could you please check whether this patch is helpful? When doing kasan_populate, the new allocated...
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
...
Malicious code in billa-43 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a42a69b8cf15c5a42c3ee2b54f2aecacde0e9d7aba1da4df938d42b6e15ada This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988807 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions of_get_child_by_name returns a node...
EUVD-2021-0512
Malware in sbrugna...
EUVD-2017-8213
Malware in sbrugna...
mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()
...