
Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.02%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-64505 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/366 #AWS #Lambda #Security #CVE #DevOps #SecOps

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


I’m not smart enough to see how CVE-2025-47398 from the Qualcomm February security bulletin works. The patch clears a dangling entry->priv_data in kgsl_destroy_ion.

On 5.10, kgsl_destroy_ion is only called through kgsl_sharedmem_free: mainly when a kgsl_mem_entry’s reference count reaches zero: kgsl_mem_entry_destroy -> kgsl_sharedmem_free -> memdesc->ops->free.

The other calls to kgsl_sharedmem_free are on the error handling path - on those error paths, the entry is freshly created, and after the kgsl_sharedmem_free, the entry is then immediately freed too, without any way to get the entry in between.

There’s only a few places that use entry->priv_data:

  • kgsl_get_allocator, kgsl_get_egl_counts and kgsl_get_dmabuf_inode_number seem to be used by debugfs only
  • kgsl_destroy_ion itself

I can’t find anything obvious that would let me call kgsl_sharedmem_free twice.


Overview

  • Pending

17 Nov 2018
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
0.17%

KEV

Description

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Fediverse


To compare #sydbox and #gvisor, take 2 CVEs: CVE-2018-19333, gvisor proc2proc arbitrary-memory-write which wasn't classified as sandbox break. Vuln is there because gvisor uses the seccomp-trap API to run all in a single process ignoring ASLR. CVE-2024-42318 aka Houdini is a #landlock break where a keyrings(7) call would unlock the sandbox. Syd wasn't affected: 1. keyrings is def disabled 2. open call happens in a syd emulator thread confined by same landlock sandbox. #exherbo #linux #security


Overview

  • Linux
  • Linux

17 Aug 2024
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

landlock: Don't lose track of restrictions on cred_transfer

When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself.

Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Fediverse


To compare #sydbox and #gvisor, take 2 CVEs: CVE-2018-19333, gvisor proc2proc arbitrary-memory-write which wasn't classified as sandbox break. Vuln is there because gvisor uses the seccomp-trap API to run all in a single process ignoring ASLR. CVE-2024-42318 aka Houdini is a #landlock break where a keyrings(7) call would unlock the sandbox. Syd wasn't affected: 1. keyrings is def disabled 2. open call happens in a syd emulator thread confined by same landlock sandbox. #exherbo #linux #security


Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.18%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


This Ivanti Endpoint Manager Mobile (EPMM) security advisory seems to fit the timeline of the incident: forums.ivanti.com/s/article/Se


Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Multiple critical vulnerabilities in n8n, with large-scale scanning also observed (CVE-2026-25049, CVE-2026-21858) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

Overview

  • VMware ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
6.15%

Description

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. www.bleepingcomputer.com/news/securit...

Overview

  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
4.11%

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. www.bleepingcomputer.com/news/securit...

Overview

  • VMware
  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
57.74%

Description

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. www.bleepingcomputer.com/news/securit...