449 matches found
MAL-2026-4086 Malicious code in @antv/stat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in functionstatshow Check whether denominator expression x x - 1 1000 mod 2^32, 2^64 produce zero and skip stddev computation in that case. For now don't care about rec-counter rec-counter...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldevstatsetcounterdynamicdoit. This code checks that the “index” has an upper limit, but it does not check for negative values. Changing the data type to unsigned will prevent underflow issues...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afsgetattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery e.g. chip reset, there is a possible situation that kernel worker resetwork is holding the lock and waiting for kernel thread statworker to b...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 PoC — GitHub RCE via X-Stat Push Option Injectio...
SUSE CVE-2026-31652
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...
CVE-2026-31652
A flaw was found in the Linux kernel. When the damonstatstart function fails to complete its operation, a memory leak can occur. If a user attempts to re-enable the DAMON Data Access MONitor feature, previously allocated memory for the damonctx object is not properly deallocated, leading to a...
DEBIAN-CVE-2026-31652
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...
CVE-2026-31652
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...
EUVD-2026-25545
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...
CVE-2026-31652 mm/damon/stat: deallocate damon_call() failure leaking damon_ctx
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...
CVE-2026-31652
The CVE-2026-31652 issue is in the Linux kernel’s DAMON feature. When damon_stat_start() allocates damon_ctx and damon_call() subsequently fails, the damon_ctx object is not deallocated, causing a memory leak if DAMON is re-enabled. The leak is not resolved by deallocating after damon_call() fail...
PT-2026-35004
In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damon call failure leaking damon ctx damon stat start always allocates the module's damon ctx object damon stat context. Meanwhile, if damon call in the function fails, the damon ctx object is not...
EUVD-2026-25022
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
uutils coreutils has an Improper Handling of Unicode Encoding Issue
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373 uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
PT-2026-34509
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007430)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007430 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: use sig-statslock to gather the threads/children stats locktasksighand can...
JLSEC-2026-112 Deno's --deny-read check does not prevent permission bypass
Summary Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explicit read access to the script is executed with --deny-read=./ Similar APIs like Deno.stat a...