EulerOS Virtualization 2.13.1 : zlib (EulerOS-SA-2026-2155)

According to the versions of the zlib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop th...

Winning the cyber marathon with Tony Giandomenico

In the high-speed world of cybersecurity, the difference between a breach and a breakthrough often comes down to endurance. Tony Giandomenico, Senior Director of Product Management with Cisco Talos, joins me to discuss how he balances the intensity of leading major product launches with the...

PT-2026-43969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component within the nft bitwise function. The carry propagation logic calculates the carry from the adjacent 32-bit word using BITS PER TYPEu32 - shift...

Linux Distros Unpatched Vulnerability : CVE-2026-46101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagati...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: blkiocost: fixed issues with out-of-bound shifts. Recently, running UBSAN detected a few out-of-bound shifts in the iocforgivedebts function: UBSAN: Out-of-bound shift in block/blk-iocost.c:2142:38 The shift exponent 80 is too...

CVE-2026-42217 OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of restrictions on reportsize in the s32ton module. This vulnerability may lead to...

EUVD-2026-24166

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities. These vulnerabilities were caused by specially crafted input configurations that could trigger invalid left shift...

mad-notifications (=6.0.0rc9), voicetest (>=0.20.0 <=0.42.0) +1 more potentially affected by unknown CVE via telnyx (=4.124.0)

telnyx PYPI version =4.124.0 is affected by a known vulnerability. The following packages have a transitive dependency on telnyx and may be impacted: - mad-notifications =6.0.0rc9 - voicetest =0.20.0, =0.4.0, =0.4.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-TELNYX-15790745...

GHSA-XW6W-9JJH-P9CR Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation

Summary Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls LimitToString, LoopLimit do not protect these paths, giving...

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

...

SUSE CVE-2026-27171

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

The Year in Wiz Research: 2025 Most Read Blogs

A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001942)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001942 advisory. The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, whi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002217 advisory. The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, whi...

CVE-2022-33067

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions getmagic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors...

Are We Ready to Be Governed by Artificial Intelligence?

Artificial Intelligence AI overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and small. This has occurr...

CLSA-2025-1766617167 kernel: Fix of 27 CVEs

xfrm: Duplicate SPI Handling CVE-2025-39965 - xfrm: state: use atomicincnotzero to increment refcount - padata: Fix pd UAF once and for all CVE-2025-38584 - padata: Remove broken queue flushing CVE-2023-52854 - padata: ensure padatadoserial runs on the correct CPU - Bluetooth: L2CAP: Fix...