345 matches found
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research
The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...
GHSA-M5Q2-4FM3-VFQP vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
Summary vm2 3.11.2 Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them...
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
Summary vm2 3.11.2 Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them...
Incomplete List of Disallowed Inputs
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...
Linux Distros Unpatched Vulnerability : CVE-2026-3074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
Astra Linux - уязвимость в binutils
A vulnerability was discovered in Binutils objdump prior to version 2.39.3. Attackers can exploit this vulnerability to cause a denial of service or other unspecified impacts through the function comparesymbols...
Astra Linux - уязвимость в pypy
A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...
Astra Linux - уязвимость в binutils
A issue was discovered in elflinkinputbfd within elflink.c, part of the Binary File Descriptor BFD library also known as libbfd, as included in GNU Binutils 2.31. There is a NULL pointer dereferencing issue in elflinkinputbfd when it is used to find STTTLS symbols without a TLS section present. A...
Astra Linux - уязвимость в libx11
A vulnerability was discovered in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system...
Astra Linux - уязвимость в binutils
A vulnerability was discovered in GNU Binutils 2.45. The affected function is elflinkaddobjectsymbols in the file bfd/elflink.c of the Linker component. This vulnerability leads to out-of-bounds read attacks. The attack can be carried out locally. The exploit has been made public and can be...
Malicious code in crypto-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...
CVE-2026-7504
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...
PT-2026-41879
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the URL validation logic during redirect operations allows an attacker to bypass validation and redirect users to unauthorized URLs. This occurs when Keycloak clients are configure...
BIT-GITLAB-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
UBUNTU-CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
EUVD-2026-30225
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...