13002 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue of freeing uninitialized misc IRQ vectors When the VSI setup failed in i40eprobe, as part of the PF switch setup, the driver tried to free misc IRQ vectors in i40eclearinterruptscheme, resulting in a kernel...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, due to the use of the derivecollocatedmotionvectors function in the motion.cc file...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: gve: Added NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv-msixvectors. If we fail to allocate priv-msixvectors see abortwithmsixvectors, this could lead to a NULL pointer dereferencing if t...
Malicious code in ethers-wallet-packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...
EUVD-2026-30487
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
Toward Securing AI Agents like Operating Systems
Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...
EUVD-2026-29991
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41957
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41957 BIG-IP and BIG-IQ Configuration utility vulnerability
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2026-40665
Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.1 BIG-IQ versions prior to 17.5.1.4 Description An authenticated remote code execution issue exists in the BIG-IP and BIG-IQ Configuration utility. This flaw is caused by deserialization, a process where data is...
SUSE CVE-2014-0598
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server OES 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors...
AI Native Asset Intelligence
Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...
EUVD-2026-28754
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvmepollirqdisable In the following scenario, pdev can be disabled between 1 and 3 by 2. This sets pdev-msixenabled = 0. Then, pciirqvector will return MSI-X IRQ15 for 1 whereas return INTx IRQcqvector...
CVE-2026-44500
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
CVE-2026-43448
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvmepollirqdisable In the following scenario, pdev can be disabled between 1 and 3 by 2. This sets pdev-msixenabled = 0. Then, pciirqvector will return MSI-X IRQ15 for 1 whereas return INTx IRQcqvector...
CVE-2026-43448 nvme-pci: Fix race bug in nvme_poll_irqdisable()
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvmepollirqdisable In the following scenario, pdev can be disabled between 1 and 3 by 2. This sets pdev-msixenabled = 0. Then, pciirqvector will return MSI-X IRQ15 for 1 whereas return INTx IRQcqvector...
SUSE CVE-2015-1346
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...
On the Security of Research Artifacts
Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
Heimdallr: Characterizing and Detecting LLM-Induced Security Risks in GitHub CI Workflows
GitHub Continuous Integration CI workflows increasingly integrate Large Language Models LLMs to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow inputs can shape LLM prompts and outputs, which may in turn...