Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

MAL-2026-3680 Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

Unity Linux 20.1060e / 20.1070e Security Update: flatpak (UTSA-2026-017590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017590 advisory. Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

EUVD-2026-28682

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

CVE-2026-43470

In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3proccreate if dalias is a dir If we found an alias through nfs3docreate/nfsaddorobtain /dsplicealias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but t...

UBUNTU-CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

CVE-2026-43178 procfs: fix possible double mmput() in do_procmap_query()

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

CVE-2026-43178

In the Linux kernel, the procfs component has a vulnerability in do_procmap_query() that can trigger a double mmput() of an mm_struct when a user passes an incorrectly sized buffer for PROCMAP_QUERY's build ID. The root cause is a change that defers cleanup after unlocking mmap_lock and per-VMA, ...

PT-2026-37518

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the procfs component within the do procmap query function. When a user provides an incorrectly sized buffer for the build ID during a PROCMAP QUERY, the system returns a...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...

Exploit for CVE-2025-40271

🔴 CVE-2025-40271: Vulnerabilidad Crítica de Uso-After-Free en...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...