FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from reachable assert0 calls within the stub message processor, which could allow remote unauthenticated attackers to send E2AP message...

MAL-2026-4691 Malicious code in testnpmnmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e82942b1fcdaed1a1085ad9590ef93704e276c5c5ca1622884abac014f03980f package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte unsigned, unhashed, unversioned Linux ELF...

Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

MAL-2026-4432 Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fixed a division by zero issue when replacing a resilient group. The resilient nexthop group torture tests in fibnexthop.sh exposed a possible division by zero issue when replacing a resilient group 1. The division by ze...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Install a stub fence into potential unused fence pointers. When using cpu to update page tables, VM update fences are not used. Instead, install a stub fence into these fence pointers instead of setting them to NULL...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: USB: usbip: Fix a reference count leak in stubprobe The usbgetdev function is called in stubdevicealloc. When stubprobe fails later on, usbputdev must be called to release the reference. This issue is fixed by moving usbputdev in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: gve: Implement gettimex64 with -EOPNOTSUPP. gve has implemented a ptpclock function that exclusively uses doAuxWork. ptpClockgettime and ptpsysoffset assume that every ptpclock has implemented either gettimex64 or gettime64. A...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gve: Implement settime64 with -EOPNOTSUPP The ptpclocksettime function assumes that every ptpclock has implemented settime64. Implement -EOPNOTSUPP as a stub to prevent NULL dereferencing...

Malicious code in @trackking/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d51e587bc0b6508fa3d38027f18d42d9ab4b6ccdb8dd2760543e8c52d6bb18 @trackking/[email protected] is an empty stub: index.js is module.exports = , package.json has no description, no author, ISC license, and a high-number...

SUSE CVE-2026-43306

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

CVE-2026-43306

CVE-2026-43306 affects the Linux kernel due to bpf: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, indirect calls must match the target function’s pointer type. In the reported case, a CFI failure occurred at bpf_obj_free_fields while freeing a BPF crypto context, signali...

PT-2026-38948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A type mismatch occurs in the Linux kernel when CONFIG CFI Control Flow Integrity, a security mechanism that ensures indirect function calls target the correct function type is enabled...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the icmpbuildprobe function. In this function, ipv6stub-ipv6devfind may return ERRPTR, leading to...

MAL-2026-3237 Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012975)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012975 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are speciaized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006749 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006575 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...