PT-2026-41995

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...

MAL-2026-3867 Malicious code in @antv/data-samples (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/data-samples (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from setting samplesperchunk=0 in the stsc box, causing an unsigned integer...

@antv/auto-chart (>=2.0.0 <=2.0.5-alpha.0), @antv/chart-advisor (>=2.0.4 <=2.0.5-alpha.0) +1 more potentially affected by unknown CVE via @antv/data-samples (=1.0.1)

@antv/data-samples NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/data-samples and may be impacted: - @antv/auto-chart =2.0.0, =2.0.4, =2.0.4, =2.0.5-alpha.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3867...

BIT-JAVA-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue arises when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following code...

SUSE CVE-2026-31770

In the Linux kernel, the following vulnerability has been resolved: hwmon: occ Fix division by zero in occshowpower1 In occshowpower1 case 1, the accumulator is divided by updatetag without checking for zero. If no samples have been collected yet e.g. during early boot when the sensor block is...

linux-malware-toolbox

Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...

linux-malwares

Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...

CVE-2026-31770

A flaw was found in the Linux kernel's hwmon subsystem, specifically within the occ driver. During early boot or when no sensor samples have been collected, the occshowpower1 function can attempt to divide by zero. A local attacker could exploit this condition, leading to a kernel crash and a...

CVE-2026-31770

In the Linux kernel, the following vulnerability has been resolved: hwmon: occ Fix division by zero in occshowpower1 In occshowpower1 case 1, the accumulator is divided by updatetag without checking for zero. If no samples have been collected yet e.g. during early boot when the sensor block is...

EUVD-2026-26583

In the Linux kernel, the following vulnerability has been resolved: hwmon: occ Fix division by zero in occshowpower1 In occshowpower1 case 1, the accumulator is divided by updatetag without checking for zero. If no samples have been collected yet e.g. during early boot when the sensor block is...

CVE-2026-31770 hwmon: (occ) Fix division by zero in occ_show_power_1()

In the Linux kernel, the following vulnerability has been resolved: hwmon: occ Fix division by zero in occshowpower1 In occshowpower1 case 1, the accumulator is divided by updatetag without checking for zero. If no samples have been collected yet e.g. during early boot when the sensor block is...

CVE-2026-31770

The CVE-2026-31770 issue affects the Linux kernel hwmon/occ path. In occ_show_power_1(), the accumulator could be divided by update_tag without checking for zero when no samples have been collected, leading to a division-by-zero crash. A fix reuses occ_get_powr_avg() (which handles the zero-sampl...

PT-2026-36405

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero flaw exists in the occ show power 1 function. In case 1 of this function, the accumulator is divided by the update tag variable without verifying if it is zero. If no...

CVE-2026-37555

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with sfcountt cast, but the WAV code path line 235 and close path line 167 were not. When samplesperblock int blocks int exceeds INTMAX, the 32-bit multiplication overflows before being assigned to...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011248 advisory. In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013176 advisory. In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcpbasertt Using sizeofnv or strlennv+1 is correct. Tenable h...

InduGuard_vul_poc

ICS Vulnerability PoC Library — SCAA Benchmark Support Proof-...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...