SUSE CVE-2026-43141

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddownpowoftwo will cause undefined behaviour and should not be performed. This...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bnxtre: Avoid undefined behavior in bnxtqpliballocinithwq Undefined behavior occurs when bnxtqpliballocinithwq is called with hwqattr-auxdepth != 0 and hwqattr-auxstride == 0. In that case, “rounduppowoftwohwqattr-auxstride” is...

EUVD-2026-14379

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

EUVD-2021-1406

Malware in sbrugna...

EUVD-2022-1831

Malicious code in bioql PyPI...

MAL-2025-13255 Malicious code in @zalastax/nolb-pow (npm)

The package @zalastax/nolb-pow was found to contain malicious code...

Malicious code in @zalastax/nolb-pow (npm)

The package @zalastax/nolb-pow was found to contain malicious code...

CVE-2023-42446

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

CVE-2020-5205

In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...

DEBIAN-CVE-2024-38540

In the Linux kernel, the following vulnerability has been resolved: bnxtre: avoid shift undefined behavior in bnxtqpliballocinithwq Undefined behavior is triggered when bnxtqpliballocinithwq is called with hwqattr-auxdepth != 0 and hwqattr-auxstride == 0. In that case,...

Arithmetic overflows in cosmwasm-std

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: - Uint256,512::pow / Int256,512::pow - Int256,512::neg Affected if overflow-checks ...

SUSE CVE-2024-26883

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on rounduppowoftwo to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arche...

GHSA-3CJH-P6PW-JHV9 Pow Mnesia cache doesn't invalidate all expired keys on startup

Use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A cache key may become expired when all Pow.Store.Backend.MnesiaCache instances have been shut down for a period that is longer than the keys' remaining TTL and...

Pow Mnesia cache doesn't invalidate all expired keys on startup

Use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A cache key may become expired when all Pow.Store.Backend.MnesiaCache instances have been shut down for a period that is longer than the keys' remaining TTL and...

CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

CVE-2023-42446

Pow is a Phoenix/Plug authentication library. CVE-2023-42446 affects Pow.Store.Backend.MnesiaCache in versions 1.0.14 up to, but not including, 1.0.34, where expired keys are not correctly invalidated on startup, allowing potential session hijacking if all MnesiaCache instances are down past a se...

Pow security breach

Pow is an open source, complete authentication and user management library built into Elixir that works out-of-the-box for Phoenix and Plug-based applications while being fully customizable. A security vulnerability exists in Pow versions 1.0.14 through 1.0.34, which stems from the vulnerability ...