CVE-2026-43272

A flaw was found in the Linux kernel's ring-buffer component. This vulnerability allows a local user to potentially cause a denial of service. The issue occurs because a pointer in the rbmetavalidateevents function is not properly initialized, and its dereference during a reader page validation...

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...

GHSA-2V93-VP82-CJV8 Velocidex Velociraptor has an Incorrect Authorization issue

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

EUVD-2026-27844

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

Velocidex Velociraptor has an Incorrect Authorization issue

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

CVE-2026-6863

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

CVE-2026-43111

A flaw was found in the Linux kernel's roccat Human Interface Device HID driver. This vulnerability, a use-after-free, arises from a synchronization issue where the roccatreportevent function accesses a list of readers without adequate locking. A local attacker could exploit this to cause a syste...

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

CVE-2026-6863

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

CVE-2026-6863

CVE-2026-6863 affects Velociraptor versions prior to 0.76.4, where the HTTP API permits a cross-organization authorization bypass. A user with only the reader role in the root organization (lowest authenticated role with READ_RESULTS) can issue a single authenticated HTTP GET that can read any fi...

CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

BIT-JAVA-MIN-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

BIT-JAVA-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVE-2026-43272

CVE-2026-43272 concerns the Linux kernel ring-buffer component. The root cause is an uninitialized pointer in rb_meta_validate_events(), which can be dereferenced during a reader-page validation failure, potentially causing a system crash or instability. The issue is fixed by initializing orig_he...

PT-2026-37643

Name of the Vulnerable Software and Affected Versions Velociraptor versions prior to 0.76.4 Description A cross organization authorization bypass exists in the HTTP API. A user assigned the reader role in the root organization, which possesses only READ RESULTS permission, can perform an...

PT-2026-37809

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

PT-2026-38016

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

Linux Distros Unpatched Vulnerability : CVE-2026-42440

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the ResponseReader class. An attacker can exhaust the client's CPU by sending specially crafted IMAP responses containing many string literals, leading to significant performance degradation in...

net-imap has quadratic complexity when reading response literals

Summary Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details For each literal in a response, ResponseReader...