16999 matches found
@enclave-vm/broker (>=0.0.1 <=2.10.0), @enclave-vm/runtime (>=0.0.1 <=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (>=0.0.1 <=2.10.0)
@enclave-vm/core NPM version =0.0.1, =0.0.1, =0.0.1, =2.10.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...
Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core, formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-22817, CVE-2026-22818)
Summary IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality due to Node.js module hono. This bulletin provides patch information to address the reported vulnerability in Node.js module hono CVE-2026-22817,...
Cleartext Storage of Sensitive Information
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via runtime.settings. An attacker can obtain sensitive administrative database credentials and full system...
Improper Authentication
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Improper Authentication via the authentication process. An attacker can gain administrative access and execute arbitrary code by bypassing authentication...
SUSE CVE-2025-71193
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data...
Node.js 25.x Permission Model Sandbox Bypass / Path Traversal
This Metasploit module validates a sandbox escape weakness in the Node.js permission model that allows restricted file access bypass through symlink-based path traversal. When Node.js is executed with the --permission flag and limited filesystem read/write paths, the permission checks rely on...
CVE-2025-71193
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data...
UBUNTU-CVE-2025-71193
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data...
Malicious Package
Overview banquet-runtime-modules is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
EUVD-2025-206805
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data...
CVE-2025-71193
The CVE-2025-71193 family (Linux kernel: phy: qcom-qusb2) describes a NULL pointer dereference during early suspend caused by enabling runtime PM before the QPHY driver data is attached. This creates a window where suspend callbacks may run with invalid driver data, leading to sporadic boot crash...
CVE-2025-71193 phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data...
Exploit for Incorrect Calculation in Google Android
CVE-2020-0022 Many thanks to Insinuator for their amazing blo...
Linux Distros Unpatched Vulnerability : CVE-2025-71193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer...
Important: Red Hat Security Advisory: OpenJDK 25.0.2 Security Update for Windows Builds
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition in the addJS function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be included in another user's PDF by making concurrent...
Alibaba Cloud Linux 3 : 0024: grafana (ALINUX3-SA-2026:0024)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0024 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61729: Within HostnameError.Error, when...