40 matches found
CVE-2026-54030
CVE-2026-54030 affects LibreChat (MCP OAuth flow). Before v0.8.5, the OAuth Protected Resource metadata’s resource parameter is not validated against the MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legitimate server. Affected version range includes pre-0....
CVE-2026-46261
CVE-2026-46261 relates to the Linux kernel wpcm-fiu SPI driver. The issue is a potential NULL pointer dereference when platform_get_resource_byname() returns NULL, if the NULL is dereferenced by resource_size(). The patch moves the fiu->memory_size assignment to occur after the error check for...
CVE-2026-1402 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...
CVE-2026-42515
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...
python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...
python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...
python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...
BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions
pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...
BMC FootPrints 代码问题漏洞
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...
CVE-2017-6921
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services rest module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...
CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
DEBIAN-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
UBUNTU-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
CVE-2025-40110
The CVE-2025-40110 entry concerns the Linux kernel: for the DRM/vmwgfx component, a null-pointer dereference in the cursor snooper was fixed. The patch adds a validation that the actual surface resource exists before using the cursor snooper, addressing a scenario where SVGA3D_INVALID_ID could be...
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
EUVD-2018-19726
Malware in sbrugna...
EUVD-2025-13551
Malicious code in bioql PyPI...
SUSE CVE-2022-50068
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo-resource value before accessing the resource memtype. v2: Fix commit description unwrapped warning 40.191227 T184 general protection fault, probably for non-canonical address...
CVE-2025-24376
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...