
12255 matches found

NVD
added 2026/05/05 8:16 p.m. | 3 views

CVE-2026-31893

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

6.8 CVSS | 0.00006 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2026/05/05 6:55 p.m. | 0 views

CVE-2026-31893

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

6.8 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2026/05/05 6:55 p.m. | 361 views

CVE-2026-31893

CVE-2026-31893 describes a symlink-following vulnerability in Tunnelblick on macOS. From versions 3.3beta26 through 9.0beta01, a local user can cause tunnelblick-helper to read a root-owned file by leveraging a symlink to a target file via the world-accessible tunnelblickd Unix socket (mode 0666)...

6.8 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2026/05/05 6:55 p.m. | 3 views

EUVD-2026-27434

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

6.8 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits 1 | References 2

Snyk
added 2026/05/05 5:31 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:phoenix is the official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type:...

8.7 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/05 5:31 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: phoenix is the official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type: application/x-ndjson. A...

8.7 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2

GithubExploit
added 2026/05/05 4:20 p.m. | 53 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431: Detection & Defense Against io_uring Bypass of...

7.8 CVSS | 6.1 AI score | 0.02194 EPSS
Exploits 226

OSV
added 2026/05/05 2:58 p.m. | 3 views

SUSE-SU-2026:21491-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues. The following security issues were fixed:
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...

7.8 CVSS | 7 AI score | 0.02194 EPSS
Exploits 226 | References 11

Github Security Blog
added 2026/05/05 12:18 a.m. | 11 views

Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary: Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

9.1 CVSS | 5.9 AI score | 0.0009 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2026/05/05 12:18 a.m. | 1 view

GHSA-Q8QP-CVCW-X6JJ Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary: Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

7.4 CVSS | 5.9 AI score | 0.0009 EPSS
Exploits 1 | References 6

RedHat Linux
added 2026/05/04 10:20 p.m. | 7 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bond_xmit_broadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits 0 | References 5

GithubExploit
added 2026/05/04 4:29 p.m. | 58 views

Exploit for CVE-2025-68930

🔍 Analysis of CVE-2025-68930: Vulnerability Involving Hijacking of...

7.1 CVSS | 5.8 AI score | 0.00112 EPSS
Exploits 4

GithubExploit
added 2026/05/04 3:52 p.m. | 65 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Linux Privileg...

7.8 CVSS | 6 AI score | 0.02194 EPSS
Exploits 226

GithubExploit
added 2026/05/04 9:48 a.m. | 147 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail · CVE-2026-31431 Local privilege escalation on Linu...

7.8 CVSS | 5.7 AI score | 0.02194 EPSS
Exploits 226

IBM Security Bulletins
added 2026/05/04 5:34 a.m. | 1 view

Security Bulletin: Vulnerability in log4j (CVE-2025-68161) affects IBM PowerVM Novalink.

Summary: log4j is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3 CVSS | 6.4 AI score | 0.00029 EPSS
Exploits 1 | Affected Software 1

GithubExploit
added 2026/05/04 12:2 a.m. | 67 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux Kernel LPE Educational rew...

7.8 CVSS | 6.1 AI score | 0.02194 EPSS
Exploits 226

AstraLinux
added 2026/05/03 11:59 p.m. | 17 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fixed a potential use-after-free in hix5hd2_rx. The skb is passed to napi_gro_receive, which may free it. After calling this function, dereferencing the skb may trigger a use-after-free...

7.8 CVSS | 6.2 AI score | 0.00013 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix the issue of failing to release the skbuff in seg6_input_core. The seg6_input function is responsible for adding the SRH into a packet, delegating this operation to seg6_input_core. This function uses skb_cow_head to ensur...

6.2 CVSS | 6.3 AI score | 0.00117 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Always refresh the queue when reading sock. After recent changes in net-next, TCP compacts skb much more aggressively. This uncovered a bug in TLS, where we might attempt to operate on an old skb when checking whether all sk...

7.8 CVSS | 6.2 AI score | 0.00071 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix for NPE during rx_complete. There is a missing validation of usbnet_going_away in the critical path. The usb_submit_urb function lacks this validation, while usbnet_queue_skb includes this check. This inconsistency creates a...

4.7 CVSS | 6.2 AI score | 0.00024 EPSS
Exploits 0 | References 2