jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8074-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8074-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

The vulnerability of the graphics processor in microprogrammed software embedded in Qualcomm chips allows a hacker to cause memory corruption.

The vulnerability of the graphics processor in microprogrammed software embedded in Qualcomm’s integrated circuits is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker to cause memory corruption by sending a sequence of specially crafted...

The vulnerability of the HTTP request processor daemon in the TRENDnet TEW-410APB wireless access point software allows a attacker to cause a service failure.

The vulnerability of the HTTP request processor in TRENDnet TEW-410APB wireless access points is related to the zero pointer swapping issue. Exploiting this vulnerability allows a remote attacker to cause service interruptions by sending a specially crafted POST request...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-068)

The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-068 advisory. A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong...

CVE-2024-27379

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinansubscribegetnlparams, there is no input validation check on halreq-numintfaddrpresent coming from userspace, which can lead to a heap overwrite...

Code-Projects Blood Bank Management System 安全漏洞

Code-Projects Blood Bank Management System is an open source blood bank management system from Code-Projects. A security vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which stems from a problem in an unknown part of the password processor component that causes...

The vulnerability of the package processor on the MailSherlock audit platform, which allows a hacker to execute arbitrary SQL queries.

The vulnerability of the packet handler on the MailSherlock email audit platform relates to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL queries...

kernel: AMD: Cross-Thread Return Address Predictions

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure...

Code injection

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register EPCR are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

hw: cpu: Intel: information disclosure via local access

A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to enable information disclosure via local access...

hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)

A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...