CVE-2025-12131

A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service...

CVE-2020-37133 UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash...

CVE-2020-37133 UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash...

CVE-2026-23101

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

UBUNTU-CVE-2026-23101

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

CVE-2026-23067

In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix sizet signedness bug in unmap path armlpaeunmap returns sizet but was returning -ENOENT negative error code when encountering an unmapped PTE. Since sizet is unsigned, -ENOENT typically -2 becomes a huge...

CVE-2026-23101

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

EUVD-2026-5441

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

CVE-2026-23101 leds: led-class: Only Add LED to leds_list when it is fully ready

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

CVE-2026-23101 leds: led-class: Only Add LED to leds_list when it is fully ready

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

CVE-2026-23101

The CVE-2026-23101 issue affects the Linux kernel LED subsystem. The root cause is a race where an LED was added to leds_list before led_init_core() and before led_classdev.set_brightness_work is initialized. This could allow a default-trigger LED to call led_trigger_set() and queue an uninitiali...

Trojan Attacks on Neural Network Controllers for Robotic Systems

Neural network controllers are increasingly deployed in robotic systems for tasks such as trajectory tracking and pose stabilization. However, their reliance on potentially untrusted training pipelines or supply chains introduces significant security vulnerabilities. This paper investigates...

CVE-2025-64438

CVE-2025-64438 affects Fast DDS, a C++ implementation of the DDS standard. The issue is an Out-of-Memory (OOM) denial-of-service triggered remotely when processing RTPS GAP submessages under RELIABLE QoS: sending a GAP packet with a huge gap range causes StatefulReader::processGapMsg() to loop un...

DF-LoGiT: Data-Free Logic-Gated Backdoor Attacks in Vision Transformers

The widespread adoption of Vision Transformers ViTs elevates supply-chain risk on third-party model hubs, where an adversary can implant backdoors into released checkpoints. Existing ViT backdoor attacks largely rely on poisoned-data training, while prior data-free attempts typically require...

CVE-2025-7964

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005106)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005106 advisory. In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate Triggers which have trigger...

CVE-2026-1446

There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...

📄 macOS 10.13.4 Heap Overflow

Proof of concept exploit for an old macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory. When triggered it causes a kernel panic...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27063)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27063 advisory. - In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kerne...

CVE-2026-23517

Fleet (open source device management software) has a broken access control vulnerability in debug/pprof endpoints that allows any authenticated user, including the lowest-privilege Observer role, to access internal server diagnostics and trigger CPU-intensive profiling operations. This affects ve...