CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

CVE-2024-36319

Summary: CVE-2024-36319 concerns debug code left active in AMD’s Video Decoder Engine Firmware (VCN FW). A crafted command could cause VCN FW to read/write HW registers, with potential impact to confidentiality, integrity, and availability. Affected component is the VCN FW in AMD graphics/VP-rela...

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

PT-2026-7876

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.20.0: CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 CVE-2025-59465: Add TLSSocket default error handler bsc1256573 CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 CVE-2025-55130: Require full read...

CVE-2024-36320

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability...

CVE-2024-36320

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability...

CVE-2024-36320

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.20.0: CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 CVE-2025-59465: Add TLSSocket default error handler bsc1256573 CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 CVE-2025-55130: Require full read...

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

📄 Samsung QuramDng Embedded DNG Out-Of-Bounds Read / Write

This proof of concept demonstrates an out-of-bounds read / write vulnerability in Samsung's QuramDng image parser, affecting Galaxy S22–S25 devices running One UI 6+. By crafting a malformed DNG that abuses the OpcodeList1 specifically the FixBadPixelsList opcode and embedding it inside a JPEG...

Exploit for CVE-2026-1862

CVE-2026-1862 Disclaimer This software has been created pu...

CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-25636

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to...

CVE-2026-23633

Gogs (pre-0.13.4 and pre-0.14.0+dev) contains a path-traversal flaw in the Git hook editing endpoint that allows arbitrary file read/write via the :name parameter in /username/reponame/settings/hooks/git/:name. The vulnerability arises from URL-decoding the parameter and using it to build file pa...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via improper file access controls in the workflow creation or modification process. An attacker can modify sensitive host system files, including...

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...