36 matches found
CVE-2026-46261
In the Linux kernel, the vulnerability CVE-2026-46261 affects the spi: wpcm-fiu driver. If platform_get_resource_byname() returns NULL, passing the result to resource_size() could crash due to a NULL pointer dereference in wpcm_fiu_probe(). The fix moves the fiu->memory_size assignment to occu...
CVE-2026-1402 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...
CVE-2026-42515
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...
BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals...
BMC FootPrints Code Issue Vulnerability
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...
CVE-2017-6921
In Drupal 8 prior to 8.3.4, the file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services rest module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...
CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper. Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid SVGA3D_INVALID_ID...
DEBIAN-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper. Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid SVGA3D_INVALID_ID...
UBUNTU-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper. Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid SVGA3D_INVALID_ID...
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper. Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid SVGA3D_INVALID_ID...
CVE-2025-40110
The CVE-2025-40110 entry concerns the Linux kernel: for the DRM/vmwgfx component, a null-pointer dereference in the cursor snooper was fixed. The patch adds a validation that the actual surface resource exists before using the cursor snooper, addressing a scenario where SVGA3D_INVALID_ID could be...
EUVD-2018-19726
Malware in sbrugna...
EUVD-2025-13551
Malicious code in bioql PyPI...
SUSE CVE-2022-50068
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug. Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning. [ 40.191227][ T184] general protection fault, probably for non-canonical address...
CVE-2025-24376
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...
Cisco Secure Client has a data forgery issue vulnerability
Cisco Secure Client is software for connecting to virtual private networks from the American company Cisco. Cisco Secure Client has a data forgery issue vulnerability that stems from insufficient runtime resource validation, which can be exploited by an attacker to cause a DLL hijacking...
CVE-2022-49392 serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe
In the Linux kernel, the following vulnerability has been resolved: serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe. platform_get_resource may fail and return NULL, so we should better check its return value to avoid a NULL pointer dereference...
PostHog Code Issue Vulnerability
PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from a lack of proper validation of URIs before accessing resources. An attacker exploiting this vulnerability could gain access to sensitive information...
SUSE CVE-2021-47050
In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource. The platform_get_resource_byname can return NULL which would be immediately dereferenced by resource_size. Instead dereference it after validating the resource...