JLSEC-2026-472

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust...

UBUNTU-CVE-2026-31662

In the Linux kernel, the following vulnerability has been resolved: tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast...

CVE-2026-4545

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The...

CVE-2026-20629

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...

MAL-2026-851 Malicious code in python-files-mod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

Malicious code in filespath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

MAL-2026-701 Malicious code in filespath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

MAL-2026-697 Malicious code in pathlib-v2-utility (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

Malicious code in pathfiles (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

EUVD-2021-29830

Malicious code in bioql PyPI...

EUVD-2025-14036

Malicious code in bioql PyPI...

Unexpected paths returned from LookPath in os/exec

...

CVE-2025-53078

Deserialization of Untrusted Data in Samsung DMSData Management Server allows attackers to execute arbitrary code via write file to system...

CVE-2025-47823

Flock Safety LPR License Plate Reader devices with firmware through 2.2 have a hardcoded password for a system...

CVE-2025-45797

TOTOlink A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cstemodules/system.so...

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cstemodules/system.so library, specifically in the processing of the IpTo parameter...

TOTOLINK A950RG 安全漏洞

The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that originates from the failure of the setNoticeCfg interface NoticeUrl parameter in /lib/cstemodules/system.so to correctly...

USN-7303-1 linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers cor...

K000148691: qt vulnerabilities CVE-2022-25634 and CVE-2020-0570

Security Advisory Description CVE-2022-25634 Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVE-2020-0570 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable...

expat security update

An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat...