CVE-2025-61972

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

Important: Red Hat Security Advisory: jq security update

An update for jq is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Palo Alto Networks Prisma Browser 代码注入漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. The Prisma Browser has a code injection vulnerability, which stems from an inability to properly restrict access to the AppleScript interface. This vulnerability may allow unauthorized...

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty from 4.2.0.Final to 4.2.13.Final contain security vulnerabilities. These vulnerabilities ste...

PT-2026-40552

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2 Description An authenticated user with aggregation permissions can cause CPU...

SUSE CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

AMD Athlon™, AMD Ryzen™, and AMD Ryzen™ Embedded Series Processor Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS ---|---|--- CVE-2021-46747| Insufficient granularity of access control in AMD Secure Processor ASP may allow an attacker with an untrusted user space application to map sensitive System Management Network SMN...

PT-2026-40027

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...

Intel Processor Firmware May 2026 Security Update

Intel has informed HP of a potential security vulnerability identified in some Intel® Processors, which might allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...

2026.2 IPU - Intel® Processor Firmware Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35979 Description: Exposure of sensitive information caused by shared...

UEFI Reference Firmware Advisory

Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35991 Description: Improper initialization in the UEFI...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50262)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50262 advisory. - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39344527 CVE-2026-43284 - x86/CPU/AMD: Add a fix for AMD-SB-7052...

CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

UBUNTU-CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

UBUNTU-CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

UBUNTU-CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

EUVD-2026-29177

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...