CVE-2026-43319
CVE-2026-43319 affects the Linux kernel spidev driver. The vulnerability stemmed from inverted lock ordering between spi_lock and buf_lock across code paths (write/read use buf_lock then spi_lock; ioctl uses spi_lock then buf_lock), enabling potential deadlocks in multi-threaded access. The fix u...
Automatic Simplification of Common Vulnerabilities and Exposures Descriptions
Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand for those not familiar with the topic. In this study, we focus on investigating how large language models (LLMs) could be...
An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...
CVE-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...
SUSE CVE-2025-71130
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers to NULL, simplifying...
EUVD-2024-2007
Malicious code in bioql PyPI...
EUVD-2025-12867
Malicious code in bioql PyPI...
EUVD-2024-53800
Malicious code in bioql PyPI...
EUVD-2024-53300
Malicious code in bioql PyPI...
SUSE CVE-2025-39677
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...
A new type of long-lived key on AWS: Bedrock API keys
New AWS Bedrock keys simplify authentication while raising security considerations...
JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Deobfuscating JavaScript (JS) code poses a significant challenge in web security, particularly as obfuscation techniques are frequently used to conceal malicious activities within scripts. While Large Language Models (LLMs) have recently shown promise in automating the deobfuscation process,...
CVE-2022-50066 net: atlantic: fix aq_vec index out of range error
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this...
SUSE-SU-2025:20373-1 Security update for elemental-toolkit
This update for elemental-toolkit fixes the following issues: - Updated to v2.2.3: Adapted .golangci.yml format to a new version Simplified podman calls in CI setup Switched GHA runners to Ubuntu 24.04 Updated year in headers Vendored go.mod libraries CVE-2025-22870: golang.org/x/net/proxy: Fixed...
osbuild-composer security update
132.2-1.0.1 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming and set a correct kernel for Oracle Linux Orabug: 37253643 - Support using OCI...
Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining
The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit...
CVE-2024-58034
CVE-2024-58034 in the Linux kernel fixes an OF node reference bug in memory: tegra20-emc. The issue arises when tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, potentially causing use-after-free (UAF). The description states that the emc-tables node is a child wit...
CVE-2022-49445
In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources It will cause null-ptr-deref when using 'res', if platform_get_resource returns NULL, so move using 'res' after devm_ioremap_resource that will check it to avoi...
CVE-2024-49569
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce adminq before destroy it Kernel will hang on destroy adminq while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" 0 ff61d23de260fb78 schedule at...