19 matches found

RustSec
added 2026/05/08 12:0 p.m. · 6 views

`InterfaceAccount` allows account substitution between unexpected types

Affected versions of anchor-lang allowed InterfaceAccount to accept accounts with an unexpected Anchor discriminator. A change to InterfaceAccount caused checked deserialization to be bypassed for this account wrapper, so validation proved only that the account owner matched one of the accepted...

5.8 AI score
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2026/03/13 12:0 a.m. · 2 views

PT-2026-25393

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8 CVSS · 5.9 AI score · 0.00021 EPSS
Exploits: 1 · References: 6

NVD
added 2026/01/27 10:15 a.m. · 4 views

CVE-2026-24830

Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2...

9.8 CVSS · 0.00083 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004406)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004406 advisory. In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure...

7.5 CVSS · 6.4 AI score · 0.01401 EPSS
Exploits: 0 · References: 14

OSV
added 2025/12/16 6:16 p.m. · 2 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3 CVSS · 6.9 AI score · 0.00062 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/12/16 12:0 a.m. · 2 views

abp Security Vulnerability

abp is an ABP open source web application framework. A security vulnerability exists in abp version 5.1.0 through versions prior to 10.0.0-rc.2, which stems from failure to properly validate the returnUrl parameter, which could result in a redirect to an arbitrary external domain...

5.3 CVSS · 6.5 AI score · 0.00062 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/11/22 12:0 a.m. · 1 view

Fedora 42 : dotnet10.0 (2025-aaa5764dc9)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-aaa5764dc9 advisory. This is the .NET 10 GA update ---- Update .NET 10 to RC 2 Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.6 AI score
Exploits: 0 · References: 1

RedHat Linux
added 2025/11/11 2:10 p.m. · 4 views

Important: Red Hat Bug Fix Advisory: .NET 10.0 bug fix and enhancement update

An update for .NET 10.0 is now available for Red Hat Enterprise Linux 9. Please update. Bug Fixes and Enhancements: Update .NET 10 to RC 1 rhel-9.7.z JIRA:RHEL-114572 Update .NET 10 to RC 2 rhel-9.7.z JIRA:RHEL-121559 dotnet10.0: .NET Denial of Service Vulnerability rhel-9.7.z JIRA:RHEL-120623...

9.9 CVSS · 7.5 AI score · 0.01681 EPSS
Exploits: 5

RedhatCVE
added 2025/11/08 7:41 a.m. · 2 views

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3 CVSS · 6.8 AI score · 0.00018 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/10/07 2:6 p.m. · 7 views

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

7.5 CVSS · 0.00298 EPSS
Exploits: 1 · References: 4

CNNVD
added 2025/08/08 12:0 a.m. · 1 view

PMSoftware Simple Web Server Security Vulnerability

PMSoftware Simple Web Server is a simple HTTP server application from PMSoftware open source. A security vulnerability exists in PMSoftware Simple Web Server version 2.2 rc2, which stems from improper handling of the Connection HTTP header and could lead to a stack buffer overflow and remote code...

9.3 CVSS · 8 AI score · 0.64321 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/22 5:43 a.m. · 5 views

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

5.9 CVSS · 6.9 AI score · 0.00204 EPSS
Exploits: 0 · References: 1

Snyk
added 2024/11/18 11:45 a.m. · 1 view

Missing Authorization

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Missing Authorization via the execute function of the delete.php component. An attacker can manipulate permissions and delete audiences from reports they should not have access to by exploiting this...

6.5 CVSS · 7 AI score · 0.00229 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2024/01/31 2:54 a.m. · 2 views

SUSE CVE-2024-21803

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

7.8 CVSS · 5.8 AI score · 0.00033 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/08/11 12:0 a.m. · 1 view

Intel(R) SSD Security Vulnerability

Intel(R) SSD is a solid state drive from Intel Corporation USA. A security vulnerability exists in versions prior to Intel(R) SSD Tools mdadm-4.2-rc2. An attacker can exploit the vulnerability to elevate privileges...

6.7 CVSS · 6.6 AI score · 0.00034 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 6:17 a.m. · 1 view

SUSE CVE-2005-3055

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference...

2.1 CVSS · 6.4 AI score · 0.0009 EPSS
Exploits: 0 · References: 5

Microsoft CVE
added 2022/01/29 8:0 a.m. · 1 view

A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2.

...

4.7 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits: 0

vulnersOsv
added 2021/11/05 9:15 p.m. · 2 views

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41204 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41204 Source advisory: OSV:PYSEC-2021-397...

5.5 CVSS · 6 AI score · 0.00017 EPSS
Exploits: 0

Positive Technologies
added 2011/02/02 12:0 a.m. · 1 view

PT-2011-2420 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38-rc2 Description: The issue is related to the dvb ca ioctl function in the Linux kernel, which does not properly check the sign of a certain integer field. This oversight allows local users to potentially...

7.8 CVSS · 5.6 AI score · 0.01536 EPSS
Exploits: 6 · References: 36