EUVD-2025-209669

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

DEBIAN-CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

Linux Distros Unpatched Vulnerability : CVE-2026-31548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request...

CVE-2026-6775

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

@bentwnghk/chat (>=1.45.5 <=1.45.6), @clerk/elements (=0.0.2-snapshot.vc65ad98) +3 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=5.0.1-snapshot.vc65ad98 <=5.7.5)

@clerk/nextjs NPM version =5.0.1-snapshot.vc65ad98, =1.45.5, =1.2.8, =1.2.9 - @spike-npm-land/code =0.9.55 - spark-strand-login =1.0.1 Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKNEXTJS-16098250...

CVE-2026-5758

CVE-2026-5758 affects Mafintosh’s protocol-buffers-schema (JavaScript) versions around 3.6.0. The issue is prototype pollution in the library, enabling an attacker to alter application logic, bypass security checks, cause a denial of service, or potentially achieve remote code execution. The avai...

SUSE CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

CVE-2026-40027

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

1millionbot Millie chatbot 安全漏洞

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...

PT-2026-29084

Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...

FreeRDP 数字错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained a numerical error vulnerability. This vulnerability occurred when nBlockAlign was set to 0, resulting in a zero overflow error in the MS-ADPCM and IMA-ADP...

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issue: CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash bsc1258786. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

EUVD-2026-10333

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

PT-2026-23813

Name of the Vulnerable Software and Affected Versions WordPress JS Archive List plugin versions up to and including 6.1.7 Description The JS Archive List plugin for WordPress is susceptible to PHP Object Injection through the 'included' shortcode attribute. This occurs because of the...

MAL-2026-1161 Malicious code in xpack-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6569d492596cfa28e2627bd747ac4bd380bf9ff0e7ce0d931036e5f8de9ed276 The package xpack-sui was found to contain malicious code. Source: ghsa-malware 3fab32aa3396f63ec52f77a3d6ba319776c90390afa1264937a1537dde583443 Any...

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the PDB decoder when a memory allocation fails, leading to the use of a stale pointer. An attacker can cause a crash or trigger a single zero byte write by providing specially crafted input files. Remediation A fix was...