PT-2026-21765

Name of the Vulnerable Software and Affected Versions Finka-FK versions prior to 18.5 Finka-KPR versions prior to 16.6 Finka-Płace versions prior to 13.4 Finka-Faktura versions prior to 18.3 Finka-Magazyn versions prior to 8.3 Finka-STW versions prior to 12.3 Description The Finka software suite...

CVE-2026-23126

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

Nsasoft SpotAuditor 安全漏洞

Nsasoft SpotAuditor is a advanced password recovery software developed by the US company Nsasoft. It is designed to restore passwords that have been lost or forgotten from over 40 popular Windows programs and tools. Version 5.3.2 of Nsasoft SpotAuditor contains a security vulnerability; this...

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from improper input validation. This vulnerability could allow attackers to provide malicious code, enabling them to execute...

From points to payouts: The evolution of the Microsoft security researcher leaderboard

The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...

Linux-Usermode-Exploitation-101

Linux Usermode Exploitation 101 Introduction The aim of th...

Chasing Elusive Memory Bugs in GPU Programs

Memory safety bugs, such as out-of-bound accesses OOB in GPU programs, can compromise the security and reliability of GPU-accelerated software. We report the existence of input-dependent OOBs in the wild that manifest only under specific inputs. All existing tools to detect OOBs in GPU programs...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37948)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37948 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the...

MiracleLinux 8 : mysql:8.0 (AXSA:2024-7561:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7561:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

MiracleLinux 9 : mysql-8.0.36-1.el9_3.ML.1 (AXSA:2024-7606:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7606:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003619 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001273 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003650 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004104 advisory. A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held...

[SECURITY] Fedora 42 Update: mariadb10.11-10.11.15-1.fc42

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

CVE-2003-1291

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables...

CVE-2022-31782

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...