@hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies

Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation. Patched in 1.3.2: the validator inspects the affected policy shapes and includes...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed “ksmbd: validate command payload size”, except for the SMB2OPLOCKBREAKHE command, the request size of other commands is not checked—this is not expected. This issue was...

EUVD-2026-25500

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

SUSE CVE-2026-24484

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

SUSE CVE-2023-54129

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmactypeid, etc. Kernel derives lmactype based on lmactypeid received from...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986287 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextod...

EUVD-2022-4047

Malicious code in bioql PyPI...

EUVD-2023-36923

Malicious code in bioql PyPI...

EUVD-2023-24999

Malicious code in bioql PyPI...

Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui

CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...

CVE-2025-48486

FreeScout (PHP/Laravel) has an XSS flaw prior to version 1.8.180 due to insufficient input validation/sanitization in Session::flash and __, allowing user input to execute in the browser. The vulnerability is patched in 1.8.180. No exploit details or attack vectors are provided beyond this; remed...

CVE-2025-48485 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer...

CVE-2025-48478

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVE-2024-20103

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599...

CVE-2022-35981

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

CVE-2021-29433

Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability i...

CVE-2021-32643

Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a...

PT-2025-17765 · Unknown · Scss-Library

Name of the Vulnerable Software and Affected Versions: SCSS-Library versions 0.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. Recommendations: For SCSS-Library versions 0.4.1 and earlier, as a temporary...

CVE-2025-22038

CVE-2025-22038 concerns the Linux kernel, specifically the ksmbd path. The issue arises when accessing psid->sub_auth[psid->num_subauth - 1] without ensuring num_subauth is non-zero, which can cause an out-of-bounds read. The provided description states the patch adds a validation step to r...