Lucene search

53 matches found

NVD
added 5 days ago | 6 views

CVE-2026-45619

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU...

6.5 CVSS | 0.00029 EPSS
Exploits 0 | References 1

OSV
added 2026/05/21 11:18 a.m. | 4 views

SUSE-SU-2026:21727-1 Security update for util-linux

This update for util-linux fixes the following issue: CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606)...

4.7 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 1 | References 3

ATTACKERKB
added 2026/04/24 8:57 p.m. | 2 views

CVE-2026-41488

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size helper used by get_num_tokens_from_messages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1 CVSS | 5.2 AI score | 0.00026 EPSS
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2026/01/22 12:0 a.m. | 1 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38112)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38112 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable()...

4.7 CVSS | 5.3 AI score | 0.00081 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 10:7 a.m. | 4 views

CVE-2019-20000

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted...

5.9 CVSS | 6.7 AI score | 0.00183 EPSS
Exploits 1 | References 1

OSV
added 2025/10/10 5:50 a.m. | 2 views

RLSA-2025:15011 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823); kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200); kernel: RDMA/iwcm: Fix...

7.8 CVSS | 8.1 AI score | 0.00078 EPSS
Exploits 0 | References 8

Tenable Nessus
added 2025/10/10 12:0 a.m. | 6 views

RockyLinux 9 : kernel (RLSA-2025:15011)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15011 advisory. kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823); kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw...

7.8 CVSS | 7.2 AI score | 0.00078 EPSS
Exploits 0 | References 15

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1793

Malware in sbrugna...

8.1 CVSS | 7.9 AI score | 0.00336 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-15357

Malware in sbrugna...

7 CVSS | 7.2 AI score | 0.00012 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-1591

Malware in sbrugna...

9.3 CVSS | 8.2 AI score | 0.0016 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-10557

Malware in sbrugna...

5.9 CVSS | 6 AI score | 0.00183 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/10/04 12:0 a.m. | 7 views

RockyLinux 10 : tomcat9 (RLSA-2025:11332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8 CVSS | 7.6 AI score | 0.84776 EPSS
Exploits 17 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-19831

Malicious code in bioql PyPI...

7.2 AI score | 0.00081 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-23818

Malicious code in bioql PyPI...

6.5 CVSS | 5.2 AI score | 0.00104 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-0956

Malicious code in bioql PyPI...

2.5 CVSS | 6.1 AI score | 0.00048 EPSS
Exploits 1 | References 9

RedHat Linux
added 2025/10/01 6:14 p.m. | 3 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7.8 CVSS | 6.6 AI score | 0.00064 EPSS
Exploits 0 | References 7

CVE
added 2025/07/25 3:27 p.m. | 67 views

CVE-2025-38462

CVE-2025-38462 affects the Linux kernel vsock subsystem. Root cause is a TOCTOU race in vsock_find_cid() and vsock_dev_do_ioctl() with module unload, where transport_g2h/h2g can become NULL after a NULL check, causing null-pointer derefs. The patch adds vsock_transport_local_cid() to guard agains...

4.7 CVSS | 6.3 AI score | 0.00051 EPSS
Exploits 0 | References 9 | Affected Software 1

OSV
added 2025/07/25 3:27 p.m. | 2 views

CVE-2025-38462 vsock: Fix transport_{g2h,h2g} TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_{g2h,h2g} TOCTOU. vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to protect from a potential null-ptr-deref...

4.7 CVSS | 6.3 AI score | 0.00051 EPSS
Exploits 0 | References 12

NVD
added 2025/07/03 9:15 a.m. | 2 views

CVE-2025-38112

In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable(). sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored...

4.7 CVSS | 0.00081 EPSS
Exploits 0 | References 9

Debian CVE
added 2025/07/03 8:35 a.m. | 3 views

CVE-2025-38112

In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable(). sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored...

4.7 CVSS | 5.2 AI score | 0.00081 EPSS
Exploits 0