Malicious Package

Overview @databus-service-ui/ui-event is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @service-suppliers/fetchsuppliersactionsaga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview @service-suppliers/fetch-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 full report here by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across...

UBUNTU-CVE-2026-46129

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfo error path When kobjectinitandadd fails, the call chain is: createspaceinfo - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&spaceinfo-kobj - spaceinforelease -...

UBUNTU-CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

CVE-2026-46181

Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...

CVE-2026-46168

The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

Hands-on-Exploitation

No d...

SUSE CVE-2026-45909

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

SUSE CVE-2026-45959

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the cleanupkfree attribute will make the address of the local...

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

PT-2026-44399

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1 Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations Update to version...

PT-2026-44628

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendations Upda...

PT-2026-44723

Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...

PT-2026-44392

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that causes excessive memory consumption. This occurs when extracting text in layout mode using large character offsets...

pypdf 资源管理错误漏洞

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.12.0, pypdf had a resource management vulnerability caused by the use of large character offsets when extracting text in layout...

CVE-2026-47270

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...