1401 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however...
Linux Distros Unpatched Vulnerability : CVE-2026-39831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...
SUSE CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
EUVD-2026-31395
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
CVE-2026-39831 involves the Verify() method for FIDO/U2F security key types ([email protected], [email protected]) where the User Presence flag was not checked. This allowed signatures generated without physical user interaction to be accepted, enabling unattended use of...
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the Verify method does not check the presence flag of the user. This allows signatures generate...
PT-2026-42710
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Verify method for FIDO/U2F security key types [email protected] and [email protected] failed to check the User Presence flag. This...
Unity Linux 20.1060e / 20.1070e Security Update: PackageKit (UTSA-2026-016629)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016629 advisory. PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable ...
MAL-2026-3979 Malicious code in @antv/g2-ssr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Incomplete List of Disallowed Inputs
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...
CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...
CVE-2026-44223
vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...
Cisco Unified Communications Manager IM & Presence Service Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)
According to its self-reported version, CCisco Unified Communications Manager IM & Presence Service is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Unified Communications Manager IM & Presence Service due to a signal handler race condition found in sshd,...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net-sysfs: added a check to ensure netdevice is present before using speedshow. When disabling the netdevice or during system shutdown, a panic may occur when accessing the sysfs path, because the device has already been removed...