[{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31845", "assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "state": "PUBLISHED", "assignerShortName": "TuranSec", "dateReserved": "2026-03-09T18:20:23.398Z", "datePublished": "2026-04-11T18:26:46.481Z", "dateUpdated": "2026-04-11T18:35:51.877Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "shortName": "TuranSec", "dateUpdated": "2026-04-11T18:35:51.877Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Successful exploitation allows attackers to execute arbitrary JavaScript in a victim's browser, potentially leading to session hijacking, credential theft, phishing, and account takeover. If privileged users such as administrators are targeted, further compromise of the application may occur."}]}], "affected": [{"vendor": "Rukovoditel", "product": "Rukovoditel CRM", "versions": [{"status": "affected", "version": "3.6.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type enforcement.\n\nThe vulnerability is caused by the following code:\n\nif (isset($_GET['zd_echo'])) exit($_GET['zd_echo']);\n\nThis results in arbitrary JavaScript execution in the context of the victim's browser when a crafted URL is visited.\n\nAn attacker can exploit this issue by sending a malicious link such as:\n\nhttps://TARGET/api/tel/zadarma.php?zd_echo=<script>alert('XSS')</script>\n\nWhen a victim clicks the link, the payload executes in the application context, enabling session theft, phishing, and potential account takeover if sensitive users are targeted.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type enforcement.</p><p>The vulnerability is caused by the following code:</p><p>if (isset($_GET['zd_echo'])) exit($_GET['zd_echo']);</p><p>This results in arbitrary JavaScript execution in the context of the victim's browser when a crafted URL is visited.</p><p>An attacker can exploit this issue by sending a malicious link such as:</p><p>https://TARGET/api/tel/zadarma.php?zd_echo=&lt;script&gt;alert('XSS')&lt;/script&gt;</p><p>When a victim clicks the link, the payload executes in the application context, enabling session theft, phishing, and potential account takeover if sensitive users are targeted.</p>"}]}], "references": [{"url": "https://forum.rukovoditel.net/viewtopic.php?p=22499#p22499"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV2_0": {"version": "2.0", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "credits": [{"lang": "en", "value": "Shukrullo Raximov (Mothra)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-31845"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5704", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-06T13:37:17.528Z", "datePublished": "2026-04-06T15:17:27.945Z", "dateUpdated": "2026-04-11T18:09:35.974Z"}, "containers": {"cna": {"title": "Tar: tar: hidden file injection via crafted archives", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tar", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-5704", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "name": "RHBZ#2455360", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-06T13:36:20.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-434: Unrestricted Upload of File with Dangerous Type", "workarounds": [{"lang": "en", "value": "To mitigate this issue, avoid extracting archives from untrusted sources. If processing untrusted archives is necessary, do so within a sandboxed environment to limit potential impact."}], "timeline": [{"lang": "en", "time": "2026-04-06T13:36:20.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-06T13:36:20.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Guillermo de Angel Garcia for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-09T16:28:18.636Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-5704"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:48:15.196926Z", "id": "CVE-2026-5704", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:01:07.180Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/11/10"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-11T18:09:35.974Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34933", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-31T17:27:08.659Z", "datePublished": "2026-04-03T22:43:26.683Z", "dateUpdated": "2026-04-11T18:09:34.774Z"}, "containers": {"cna": {"title": "Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "lang": "en", "description": "CWE-617: Reachable Assertion", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc"}, {"name": "https://github.com/avahi/avahi/pull/891", "tags": ["x_refsource_MISC"], "url": "https://github.com/avahi/avahi/pull/891"}, {"name": "https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c", "tags": ["x_refsource_MISC"], "url": "https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c"}], "affected": [{"vendor": "avahi", "product": "avahi", "versions": [{"version": "< 0.9-rc4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:43:26.683Z"}, "descriptions": [{"lang": "en", "value": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4."}], "source": {"advisory": "GHSA-w65r-6gxh-vhvc", "discovery": "UNKNOWN"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-34933"}]}, "adp": [{"references": [{"url": "https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T16:09:17.006482Z", "id": "CVE-2026-34933", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:09:21.475Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/11/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-11T18:09:34.774Z"}}]}}, {"modified": "2026-04-11T17:55:17Z", "published": "2026-04-11T17:55:17Z", "schema_version": "1.7.4", "id": "MAL-2026-2560", "summary": "Malicious code in @b2b-portal/uch (npm)", "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (788cf7416f6a8a562c85b711f170c7c1aad0123d0bf4658d1eae3d1392996119)\nThe OpenSSF Package Analysis project identified '@b2b-portal/uch' @ 4.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [{"package": {"ecosystem": "npm", "name": "@b2b-portal/uch"}, "versions": ["4.0.1"]}], "credits": [{"name": "OpenSSF: Package Analysis", "type": "FINDER", "contact": ["https://github.com/ossf/package-analysis", "https://openssf.slack.com/channels/package_analysis"]}], "database_specific": {"malicious-packages-origins": [{"import_time": "2026-04-11T18:14:48.50255408Z", "modified_time": "2026-04-11T17:55:17Z", "sha256": "788cf7416f6a8a562c85b711f170c7c1aad0123d0bf4658d1eae3d1392996119", "source": "ossf-package-analysis", "versions": ["4.0.1"]}]}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "mal-2026-2560"}]}}}, {"modified": "2026-04-11T17:14:48Z", "published": "2026-04-11T17:14:47Z", "schema_version": "1.7.4", "id": "MAL-2026-2561", "summary": "Malicious code in robase-help (PyPI)", "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (1d0d99815707deee79d693ff3da777633aa93c69977335456dd51c9dc61125ab)\nDuring installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap.\n\nThe campaign is built over a malicious Roblox API wrapper. The roboat[.]pro domain advertises a wrapper that is either directly malicious (as roboat collected in the campaign 2026-03-rowrap) or uses a malicious dependencies (like roboat-utils). New versions are published simultaneously with malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat referencing two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-roboat-addition\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - Downloads and executes a remote executable.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - malware\n\n\n - clones-real-package\n", "affected": [{"package": {"ecosystem": "PyPI", "name": "robase-help"}, "versions": ["0.0.9"]}], "references": [{"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/9f14d239ab8f1289bc7aedeb67d3d72b467ee6c11b201890ab14c5c4f7c175d2/detection"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/48b108261d5de97a42eff81cf1a60a32286f72bf8b5f130959e0daa86b783608"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/ef20289b52ab23ec23c5ff885a2293523ce8456fb00e3d67f1b084c28f7d282a/detection"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/blob/331166c8ea3bd080f08fe6d571202e3b47017ed7/README.md#L31"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/commit/331166c8ea3bd080f08fe6d571202e3b47017ed7"}, {"type": "WEB", "url": "https://github.com/Addi9000"}, {"type": "WEB", "url": "https://github.com/RoCruise"}, {"type": "WEB", "url": "https://www.roboat.pro/"}, {"type": "WEB", "url": "https://bad-packages.kam193.eu/pypi/package/robase-help"}], "credits": [{"name": "Kamil Ma\u0144kowski (kam193)", "type": "ANALYST", "contact": ["https://github.com/kam193", "https://bad-packages.kam193.eu/"]}], "database_specific": {"iocs": {"domains": ["jolly-violet-def9.staraledreamer.workers.dev", "holy-sun-41ff.staraledreamer.workers.dev", "spring-math-9df3.aledreamsaledreams2.workers.dev"], "urls": ["https://jolly-violet-def9.staraledreamer.workers.dev/DDDD.exe", "https://holy-sun-41ff.staraledreamer.workers.dev/gore.vbs", "https://github.com/betonme27/flies/releases/download/a/s22s.zhr", "https://dawn-thunder-f821.staraledreamer.workers.dev/gore.vbs", "https://green-shadow-38d7.aledreamsaledreams2.workers.dev/tree.vbs", "https://spring-math-9df3.aledreamsaledreams2.workers.dev/winre.bat", "https://github.com/aledreamsaledreqms-source/frakenstein/raw/refs/heads/main/tree.vbs", "https://lingering-field-4351.aledreamer1234.workers.dev/yy.bat"]}, "malicious-packages-origins": [{"id": "pypi/2026-03-roboat-addition/robase-help", "import_time": "2026-04-11T18:15:10.706489155Z", "modified_time": "2026-04-11T17:14:48.007315Z", "sha256": "1d0d99815707deee79d693ff3da777633aa93c69977335456dd51c9dc61125ab", "source": "kam193", "versions": ["0.0.9"]}]}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "mal-2026-2561"}]}}}, {"modified": "2026-04-11T17:07:46Z", "published": "2026-04-11T17:07:46Z", "schema_version": "1.7.4", "id": "MAL-2026-2559", "summary": "Malicious code in databasesupalake (PyPI)", "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (ec2327cbf40d485fa6ea474f7cdbe9a352e0a2b27969816ffb22fee6244a8b96)\nDuring installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap.\n\nThe campaign is built over a malicious Roblox API wrapper. The roboat[.]pro domain advertises a wrapper that is either directly malicious (as roboat collected in the campaign 2026-03-rowrap) or uses a malicious dependencies (like roboat-utils). New versions are published simultaneously with malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat referencing two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-roboat-addition\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - Downloads and executes a remote executable.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - malware\n\n\n - clones-real-package\n", "affected": [{"package": {"ecosystem": "PyPI", "name": "databasesupalake"}, "versions": ["1.2.0"]}], "references": [{"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/9f14d239ab8f1289bc7aedeb67d3d72b467ee6c11b201890ab14c5c4f7c175d2/detection"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/48b108261d5de97a42eff81cf1a60a32286f72bf8b5f130959e0daa86b783608"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/ef20289b52ab23ec23c5ff885a2293523ce8456fb00e3d67f1b084c28f7d282a/detection"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/blob/331166c8ea3bd080f08fe6d571202e3b47017ed7/README.md#L31"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/commit/331166c8ea3bd080f08fe6d571202e3b47017ed7"}, {"type": "WEB", "url": "https://github.com/Addi9000"}, {"type": "WEB", "url": "https://github.com/RoCruise"}, {"type": "WEB", "url": "https://www.roboat.pro/"}, {"type": "WEB", "url": "https://bad-packages.kam193.eu/pypi/package/databasesupalake"}], "credits": [{"name": "Kamil Ma\u0144kowski (kam193)", "type": "REPORTER", "contact": ["https://github.com/kam193", "https://bad-packages.kam193.eu/"]}], "database_specific": {"iocs": {"domains": ["jolly-violet-def9.staraledreamer.workers.dev", "holy-sun-41ff.staraledreamer.workers.dev", "spring-math-9df3.aledreamsaledreams2.workers.dev"], "urls": ["https://jolly-violet-def9.staraledreamer.workers.dev/DDDD.exe", "https://holy-sun-41ff.staraledreamer.workers.dev/gore.vbs", "https://github.com/betonme27/flies/releases/download/a/s22s.zhr", "https://dawn-thunder-f821.staraledreamer.workers.dev/gore.vbs", "https://green-shadow-38d7.aledreamsaledreams2.workers.dev/tree.vbs", "https://spring-math-9df3.aledreamsaledreams2.workers.dev/winre.bat", "https://github.com/aledreamsaledreqms-source/frakenstein/raw/refs/heads/main/tree.vbs", "https://lingering-field-4351.aledreamer1234.workers.dev/yy.bat"]}, "malicious-packages-origins": [{"id": "pypi/2026-03-roboat-addition/databasesupalake", "import_time": "2026-04-11T17:45:43.800657587Z", "modified_time": "2026-04-11T17:07:46.151652Z", "sha256": "ec2327cbf40d485fa6ea474f7cdbe9a352e0a2b27969816ffb22fee6244a8b96", "source": "kam193", "versions": ["1.2.0"]}]}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "mal-2026-2559"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34621", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-03-30T17:30:36.490Z", "datePublished": "2026-04-11T06:45:43.512Z", "dateUpdated": "2026-04-11T17:06:40.544Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Acrobat Reader", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "26.001.21367", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-04-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.7, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 9.6, "temporalSeverity": "CRITICAL", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1321", "description": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-11T06:45:43.512Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-43.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)", "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-34621"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-11T17:06:32.007984Z", "id": "CVE-2026-34621", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-11T17:06:40.544Z"}}]}}, {"schema_version": "1.4.0", "id": "GHSA-wqgp-m495-6968", "modified": "2026-04-11T15:30:24Z", "published": "2026-03-18T18:31:17Z", "aliases": ["CVE-2025-71269"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is <= 0).", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71269"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/0a1fbbd780f04d1b6cf48dd327c866ba937de1c4"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/3a9fd45afadec1fbfec72057b9473d509fa8b68c"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/3edd1f6c7c520536b62b2904807033597554dbac"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-03-18T18:16:22Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-wqgp-m495-6968"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-p4gj-pp28-43q4", "modified": "2026-04-11T15:30:24Z", "published": "2026-04-11T15:30:24Z", "aliases": ["CVE-2026-23900"], "details": "Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23900"}, {"type": "WEB", "url": "https://phoca.cz"}], "database_specific": {"cwe_ids": ["CWE-79"], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-04-11T14:16:03Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-p4gj-pp28-43q4"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-mx2c-4m76-c7r4", "modified": "2026-04-11T15:30:24Z", "published": "2026-03-25T12:30:23Z", "aliases": ["CVE-2026-23360"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\").", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23360"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-03-25T11:16:34Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-mx2c-4m76-c7r4"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-c47v-8m9c-7hhr", "modified": "2026-04-11T15:30:24Z", "published": "2025-09-05T18:31:16Z", "aliases": ["CVE-2025-38710"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n  index = hash >> (32 - dip->i_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is\ninvalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests '-g quick'.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38710"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/53a0249d68a210c16e961b83adfa82f94ee0a53d"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/557c024ca7250bb65ae60f16c02074106c2f197b"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/9680c58675b82348ab84d387e4fa727f7587e1a0"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b5f46951e62377b6e406fadc18bc3c5bdf1632a7"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/cddea0c721106ea480371412d8de21705eb27376"}], "database_specific": {"cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-09-04T16:15:40Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-c47v-8m9c-7hhr"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-8fgp-q3pf-q3rh", "modified": "2026-04-11T15:30:24Z", "published": "2026-04-02T12:31:05Z", "aliases": ["CVE-2026-23414"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(&ctx->async_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg's drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23414"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/2dcf324855c34e7f934ce978aa19b645a8f3ee71"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/6dc11e0bd0a5466bcc76d275c09e5537bd0597dd"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/84a8335d8300576f1b377ae24abca1d9f197807f"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/9f557c7eae127b44d2e863917dc986a4b6cb1269"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/ac435be7c7613eb13a5a8ceb5182e10b50c9ce87"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/fd8037e1f18ca5336934d0e0e7e1a4fe097e749d"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-04-02T12:16:20Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-8fgp-q3pf-q3rh"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-82h6-xw4j-pq2m", "modified": "2026-04-11T15:30:24Z", "published": "2026-04-06T09:31:42Z", "aliases": ["CVE-2026-31408"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold\n\nsco_recv_frame() reads conn->sk under sco_conn_lock() but immediately\nreleases the lock without holding a reference to the socket. A concurrent\nclose() can free the socket between the lock release and the subsequent\nsk->sk_state access, resulting in a use-after-free.\n\nOther functions in the same file (sco_sock_timeout(), sco_conn_del())\ncorrectly use sco_sock_hold() to safely hold a reference under the lock.\n\nFix by using sco_sock_hold() to take a reference before releasing the\nlock, and adding sock_put() on all exit paths.", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31408"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/108b81514d8f2535eb16651495cefb2250528db3"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/45aaca995e4a7a05b272a58e7ab2fff4f611b8f1"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/598dbba9919c5e36c54fe1709b557d64120cb94b"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b0a7da0e3f7442545f071499beb36374714bb9de"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/e76e8f0581ef555eacc11dbb095e602fb30a5361"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-04-06T08:16:38Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-82h6-xw4j-pq2m"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-57pg-f379-59c5", "modified": "2026-04-11T15:30:24Z", "published": "2025-09-16T15:32:35Z", "aliases": ["CVE-2025-39816"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths\n\nSince the buffers are mapped from userspace, it is prudent to use\nREAD_ONCE() to read the value into a local variable, and use that for\nany other actions taken. Having a stable read of the buffer length\navoids worrying about it changing after checking, or being read multiple\ntimes.\n\nSimilarly, the buffer may well change in between it being picked and\nbeing committed. Ensure the looping for incremental ring buffer commit\nstops if it hits a zero sized buffer, as no further progress can be made\nat that point.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39816"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/390a61d284e1ced088d43928dfcf6f86fffdd780"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/695673eb5711ee5eb1769481cf1503714716a7d1"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/91f262ea2a76a02d9e37dba6637cfe6feebb20a8"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/98b6fa62c84f2e129161e976a5b9b3cb4ccd117b"}], "database_specific": {"cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-09-16T13:15:56Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-57pg-f379-59c5"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-4r22-fj9f-vv8r", "modified": "2026-04-11T15:30:24Z", "published": "2026-03-25T12:30:24Z", "aliases": ["CVE-2026-23389"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23389"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/63dc317dfcd3faffd082c2bf3080f9ad070273da"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b23282218eca27b710111460b4964c8a456c6c44"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-03-25T11:16:39Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-4r22-fj9f-vv8r"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-4g8j-hwjq-h8fr", "modified": "2026-04-11T15:30:24Z", "published": "2025-12-04T18:30:52Z", "aliases": ["CVE-2025-40242"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn't been released,\nyet.  In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released.", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40242"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/279bde3bbb0ac0bad5c729dfa85983d75a5d7641"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/28c4d9bc0708956c1a736a9e49fee71b65deee81"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/4913592a3358f6ec366b8346b733d5e2360b08e1"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/5fdc1474e678eea1700aa266c0b7c2c96f81dd0d"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/64c61b4ac645222fa7b724cef616c1f862a72a40"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-12-04T16:16:17Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-4g8j-hwjq-h8fr"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-2rf6-4xf4-32wc", "modified": "2026-04-11T15:30:24Z", "published": "2025-12-16T15:30:47Z", "aliases": ["CVE-2025-68265"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin request_queue lifetime\n\nThe namespaces can access the controller's admin request_queue, and\nstale references on the namespaces may exist after tearing down the\ncontroller. Ensure the admin request_queue is active by moving the\ncontroller's 'put' to after all controller references have been released\nto ensure no one is can access the request_queue. This fixes a reported\nuse-after-free bug:\n\n  BUG: KASAN: slab-use-after-free in blk_queue_enter+0x41c/0x4a0\n  Read of size 8 at addr ffff88c0a53819f8 by task nvme/3287\n  CPU: 67 UID: 0 PID: 3287 Comm: nvme Tainted: G            E       6.13.2-ga1582f1a031e #15\n  Tainted: [E]=UNSIGNED_MODULE\n  Hardware name: Jabil /EGS 2S MB1, BIOS 1.00 06/18/2025\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x4f/0x60\n   print_report+0xc4/0x620\n   ? _raw_spin_lock_irqsave+0x70/0xb0\n   ? _raw_read_unlock_irqrestore+0x30/0x30\n   ? blk_queue_enter+0x41c/0x4a0\n   kasan_report+0xab/0xe0\n   ? blk_queue_enter+0x41c/0x4a0\n   blk_queue_enter+0x41c/0x4a0\n   ? __irq_work_queue_local+0x75/0x1d0\n   ? blk_queue_start_drain+0x70/0x70\n   ? irq_work_queue+0x18/0x20\n   ? vprintk_emit.part.0+0x1cc/0x350\n   ? wake_up_klogd_work_func+0x60/0x60\n   blk_mq_alloc_request+0x2b7/0x6b0\n   ? __blk_mq_alloc_requests+0x1060/0x1060\n   ? __switch_to+0x5b7/0x1060\n   nvme_submit_user_cmd+0xa9/0x330\n   nvme_user_cmd.isra.0+0x240/0x3f0\n   ? force_sigsegv+0xe0/0xe0\n   ? nvme_user_cmd64+0x400/0x400\n   ? vfs_fileattr_set+0x9b0/0x9b0\n   ? cgroup_update_frozen_flag+0x24/0x1c0\n   ? cgroup_leave_frozen+0x204/0x330\n   ? nvme_ioctl+0x7c/0x2c0\n   blkdev_ioctl+0x1a8/0x4d0\n   ? blkdev_common_ioctl+0x1930/0x1930\n   ? fdget+0x54/0x380\n   __x64_sys_ioctl+0x129/0x190\n   do_syscall_64+0x5b/0x160\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x7f765f703b0b\n  Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d dd 52 0f 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffe2cefe808 EFLAGS: 00000202 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007ffe2cefe860 RCX: 00007f765f703b0b\n  RDX: 00007ffe2cefe860 RSI: 00000000c0484e41 RDI: 0000000000000003\n  RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000\n  R10: 00007f765f611d50 R11: 0000000000000202 R12: 0000000000000003\n  R13: 00000000c0484e41 R14: 0000000000000001 R15: 00007ffe2cefea60\n   </TASK>", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68265"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/03b3bcd319b3ab5182bc9aaa0421351572c78ac0"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/4896491c497226022626c3acc46044fd182f943c"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/a505f0ba36ab24176c300d7ff56aff85c2977e6c"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/e7dac681790556c131854b97551337aa8042215b"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/e8061d02b49c5c901980f58d91e96580e9a14acf"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/ff037b5f47eeccc1636c03f84cd47db094eb73c9"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-12-16T15:15:56Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-2rf6-4xf4-32wc"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-2g4m-3wvw-crq2", "modified": "2026-04-11T15:30:24Z", "published": "2026-04-01T09:31:27Z", "aliases": ["CVE-2026-23401"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\nexisting SPTE (if it's shadow-present).  While commit a54aa15c6bda3 was\nright about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE due to a _guest_ write, it failed to account for writes to guest\nmemory that are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present SPTE.\n\n  ------------[ cut here ]------------\n  is_shadow_present_pte(*sptep)\n  WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n  Call Trace:\n   <TASK>\n   mmu_set_spte+0x237/0x440 [kvm]\n   ept_page_fault+0x535/0x7f0 [kvm]\n   kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]\n   kvm_mmu_page_fault+0x8d/0x620 [kvm]\n   vmx_handle_exit+0x18c/0x5a0 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0xb5/0x730\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x47fa3f\n   </TASK>\n  ---[ end trace 0000000000000000 ]---", "severity": [], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23401"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/bce7fe59d43531623f3e43779127bfb33804925d"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/ed5909992f344a7d3f4024261e9f751d9618a27d"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/fd28c5618699180cd69619801e9ae6a5266c0a22"}], "database_specific": {"cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-04-01T09:16:15Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-2g4m-3wvw-crq2"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-x689-8m9r-8332", "modified": "2026-04-11T15:30:23Z", "published": "2025-05-20T18:30:56Z", "aliases": ["CVE-2025-37945"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY\n\nDSA has 2 kinds of drivers:\n\n1. Those who call dsa_switch_suspend() and dsa_switch_resume() from\n   their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz\n2. Those who don't: all others. The above methods should be optional.\n\nFor type 1, dsa_switch_suspend() calls dsa_user_suspend() -> phylink_stop(),\nand dsa_switch_resume() calls dsa_user_resume() -> phylink_start().\nThese seem good candidates for setting mac_managed_pm = true because\nthat is essentially its definition [1], but that does not seem to be the\nbiggest problem for now, and is not what this change focuses on.\n\nTalking strictly about the 2nd category of DSA drivers here (which\ndo not have MAC managed PM, meaning that for their attached PHYs,\nmdio_bus_phy_suspend() and mdio_bus_phy_resume() should run in full),\nI have noticed that the following warning from mdio_bus_phy_resume() is\ntriggered:\n\n\tWARN_ON(phydev->state != PHY_HALTED && phydev->state != PHY_READY &&\n\t\tphydev->state != PHY_UP);\n\nbecause the PHY state machine is running.\n\nIt's running as a result of a previous dsa_user_open() -> ... ->\nphylink_start() -> phy_start() having been initiated by the user.\n\nThe previous mdio_bus_phy_suspend() was supposed to have called\nphy_stop_machine(), but it didn't. So this is why the PHY is in state\nPHY_NOLINK by the time mdio_bus_phy_resume() runs.\n\nmdio_bus_phy_suspend() did not call phy_stop_machine() because for\nphylink, the phydev->adjust_link function pointer is NULL. This seems a\ntechnicality introduced by commit fddd91016d16 (\"phylib: fix PAL state\nmachine restart on resume\"). That commit was written before phylink\nexisted, and was intended to avoid crashing with consumer drivers which\ndon't use the PHY state machine - phylink always does, when using a PHY.\nBut phylink itself has historically not been developed with\nsuspend/resume in mind, and apparently not tested too much in that\nscenario, allowing this bug to exist unnoticed for so long. Plus, prior\nto the WARN_ON(), it would have likely been invisible.\n\nThis issue is not in fact restricted to type 2 DSA drivers (according to\nthe above ad-hoc classification), but can be extrapolated to any MAC\ndriver with phylink and MDIO-bus-managed PHY PM ops. DSA is just where\nthe issue was reported. Assuming mac_managed_pm is set correctly, a\nquick search indicates the following other drivers might be affected:\n\n$ grep -Zlr PHYLINK_NETDEV drivers/ | xargs -0 grep -L mac_managed_pm\ndrivers/net/ethernet/atheros/ag71xx.c\ndrivers/net/ethernet/microchip/sparx5/sparx5_main.c\ndrivers/net/ethernet/microchip/lan966x/lan966x_main.c\ndrivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c\ndrivers/net/ethernet/freescale/fs_enet/fs_enet-main.c\ndrivers/net/ethernet/freescale/dpaa/dpaa_eth.c\ndrivers/net/ethernet/freescale/ucc_geth.c\ndrivers/net/ethernet/freescale/enetc/enetc_pf_common.c\ndrivers/net/ethernet/marvell/mvpp2/mvpp2_main.c\ndrivers/net/ethernet/marvell/mvneta.c\ndrivers/net/ethernet/marvell/prestera/prestera_main.c\ndrivers/net/ethernet/mediatek/mtk_eth_soc.c\ndrivers/net/ethernet/altera/altera_tse_main.c\ndrivers/net/ethernet/wangxun/txgbe/txgbe_phy.c\ndrivers/net/ethernet/meta/fbnic/fbnic_phylink.c\ndrivers/net/ethernet/tehuti/tn40_phy.c\ndrivers/net/ethernet/mscc/ocelot_net.c\n\nMake the existing conditions dependent on the PHY device having a\nphydev->phy_link_change() implementation equal to the default\nphy_link_change() provided by phylib. Otherwise, we implicitly know that\nthe phydev has the phylink-provided phylink_phy_change() callback, and\nwhen phylink is used, the PHY state machine always needs to be stopped/\nstarted on the suspend/resume path. The code is structured as such that\nif phydev->phy_link_change() is absent, it is a matter of time until the\nkernel will crash - no need to further complicate the test.\n\nThus, for the situation where the PM is not managed b\n---truncated---", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37945"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/043aa41c43f8cb9cce75367ea07895ce68b5abb0"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/17eef1e44883845b9567afc893dc41e004c08d65"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/54e5d00a8de6c13f6c01a94ed48025e882cd15f7"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/a6ed6f8ec81b8ca7100dcd9e62bdbc0dff1b2259"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/bd4037d51d3f6667636a1383e78e48a5b7b60755"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/fc75ea20ffb452652f0d4033f38fe88d7cfdae35"}], "database_specific": {"cwe_ids": ["CWE-476"], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-05-20T16:15:32Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-x689-8m9r-8332"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-rvcc-g859-q9qh", "modified": "2026-04-11T15:30:23Z", "published": "2024-05-01T06:31:43Z", "aliases": ["CVE-2024-27022"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfork: defer linking file vma until vma is fully initialized\n\nThorvald reported a WARNING [1]. And the root cause is below race:\n\n CPU 1\t\t\t\t\tCPU 2\n fork\t\t\t\t\thugetlbfs_fallocate\n  dup_mmap\t\t\t\t hugetlbfs_punch_hole\n   i_mmap_lock_write(mapping);\n   vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree.\n   i_mmap_unlock_write(mapping);\n   hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t i_mmap_lock_write(mapping);\n   \t\t\t\t\t hugetlb_vmdelete_list\n\t\t\t\t\t  vma_interval_tree_foreach\n\t\t\t\t\t   hugetlb_vma_trylock_write -- Vma_lock is cleared.\n   tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t   hugetlb_vma_unlock_write -- Vma_lock is assigned!!!\n\t\t\t\t\t i_mmap_unlock_write(mapping);\n\nhugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside\ni_mmap_rwsem lock while vma lock can be used in the same time.  Fix this\nby deferring linking file vma until vma is fully initialized.  Those vmas\nshould be initialized first before they can be used.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27022"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/04b0c41912349aff11a1bbaef6a722bd7fbb90ac"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/0c42f7e039aba3de6d7dbf92da708e2b2ecba557"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/2e5cbab8ccbfc7d4a3d8a21d3c2a1f2c1aa29b5b"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/35e351780fa9d8240dd6f7e4f245f9ea37e96c19"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/abdb88dd272bbeb93efe01d8e0b7b17e24af3a34"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/cec11fa2eb512ebe3a459c185f4aca1d44059bbf"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/dd782da470761077f4d1120e191f1a35787cda6e"}, {"type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53"}, {"type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY"}, {"type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW"}], "database_specific": {"cwe_ids": ["CWE-908"], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-01T06:15:21Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-rvcc-g859-q9qh"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-fh88-v2mj-cp79", "modified": "2026-04-11T15:30:23Z", "published": "2024-10-21T15:32:26Z", "aliases": ["CVE-2024-47736"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle overlapped pclusters out of crafted images properly\n\nsyzbot reported a task hang issue due to a deadlock case where it is\nwaiting for the folio lock of a cached folio that will be used for\ncache I/Os.\n\nAfter looking into the crafted fuzzed image, I found it's formed with\nseveral overlapped big pclusters as below:\n\n Ext:   logical offset   |  length :     physical offset    |  length\n   0:        0..   16384 |   16384 :     151552..    167936 |   16384\n   1:    16384..   32768 |   16384 :     155648..    172032 |   16384\n   2:    32768..   49152 |   16384 :  537223168.. 537239552 |   16384\n...\n\nHere, extent 0/1 are physically overlapped although it's entirely\n_impossible_ for normal filesystem images generated by mkfs.\n\nFirst, managed folios containing compressed data will be marked as\nup-to-date and then unlocked immediately (unlike in-place folios) when\ncompressed I/Os are complete.  If physical blocks are not submitted in\nthe incremental order, there should be separate BIOs to avoid dependency\nissues.  However, the current code mis-arranges z_erofs_fill_bio_vec()\nand BIO submission which causes unexpected BIO waits.\n\nSecond, managed folios will be connected to their own pclusters for\nefficient inter-queries.  However, this is somewhat hard to implement\neasily if overlapped big pclusters exist.  Again, these only appear in\nfuzzed images so let's simply fall back to temporary short-lived pages\nfor correctness.\n\nAdditionally, it justifies that referenced managed folios cannot be\ntruncated for now and reverts part of commit 2080ca1ed3e4 (\"erofs: tidy\nup `struct z_erofs_bvec`\") for simplicity although it shouldn't be any\ndifference.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47736"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/1bf7e414cac303c9aec1be67872e19be8b64980c"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/9cfa199bcbbbba31cbf97b2786f44f4464f3f29a"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b9b30af0e86ffb485301ecd83b9129c9dfb7ebf8"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/c1172e65aad4b115392ea4c6e61e56e5b9b69df4"}], "database_specific": {"cwe_ids": ["CWE-667"], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-10-21T13:15:03Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-fh88-v2mj-cp79"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-87cq-2fcr-7xh3", "modified": "2026-04-11T15:30:23Z", "published": "2025-07-10T09:32:30Z", "aliases": ["CVE-2025-38303"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38303"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/2d4588f55cc10fc228f3b46469dbfb3f0a8b13c8"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/47c03902269aff377f959dc3fd94a9733aa31d6e"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/b9db0c27e73b7c8a19384a44af527edfda74ff3d"}], "database_specific": {"cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-07-10T08:15:29Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-87cq-2fcr-7xh3"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-3hqw-p326-56f7", "modified": "2026-04-11T15:30:23Z", "published": "2025-05-20T18:30:58Z", "aliases": ["CVE-2025-37980"], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix resource leak in blk_register_queue() error path\n\nWhen registering a queue fails after blk_mq_sysfs_register() is\nsuccessful but the function later encounters an error, we need\nto clean up the blk_mq_sysfs resources.\n\nAdd the missing blk_mq_sysfs_unregister() call in the error path\nto properly clean up these resources and prevent a memory leak.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [], "references": [{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37980"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/40f2eb9b531475dd01b683fdaf61ca3cfd03a51e"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/41e43134ddda35949974be40520460a12dda3502"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/549cbbd14bbec12469ceb279b79c763c8a24224e"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/55a7bb2708f7c7c5b366d4e40916113168a3824c"}, {"type": "WEB", "url": "https://git.kernel.org/stable/c/6af6d5feebf9423ab3b252831d1f52de31a8b5e0"}], "database_specific": {"cwe_ids": ["CWE-401"], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-05-20T17:15:48Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-3hqw-p326-56f7"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35537", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T03:28:28.897Z", "datePublished": "2026-04-03T03:28:29.321Z", "dateUpdated": "2026-04-11T14:12:39.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Webmail", "vendor": "Roundcube", "versions": [{"lessThan": "1.5.14", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.6.14", "status": "affected", "version": "1.6.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T03:28:29.321Z"}, "references": [{"url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"}, {"url": "https://github.com/roundcube/roundcubemail/commit/6d586cfa4d8a31f7957f7a445aaedd52592a0e74"}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"}, {"url": "https://github.com/roundcube/roundcubemail/commit/a4ead994d2f0ea92e4a1603196a197e0d5df1620"}, {"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"}, {"url": "https://github.com/roundcube/roundcubemail/commit/618c5428edc69fb088e7ac6c89e506dd39df3"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-35537"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T13:11:34.838938Z", "id": "CVE-2026-35537", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:11:42.666Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/11/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-11T14:12:39.387Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0966", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:54:59.132Z", "datePublished": "2026-03-26T20:06:28.313Z", "dateUpdated": "2026-04-11T14:56:45.344Z"}, "containers": {"cna": {"title": "Libssh: buffer underflow in ssh_get_hexa() on invalid input", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "The API function `ssh_get_hexa()` is vulnerable, when 0-lenght\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich is vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0966", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121", "name": "RHBZ#2433121", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"}], "datePublic": "2026-02-10T18:47:15.531Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-124", "description": "Buffer Underwrite ('Buffer Underflow')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-124: Buffer Underwrite ('Buffer Underflow')", "workarounds": [{"lang": "en", "value": "To mitigate this issue, consider disabling GSSAPI authentication if it is not required, or reduce the `LogLevel` in the `sshd_config` file to a value lower than `SSH_LOG_PACKET` (e.g., `INFO`).\n\nTo disable GSSAPI authentication, add or modify the following line in `/etc/ssh/sshd_config`:\n`GSSAPIAuthentication no`\n\nTo reduce logging verbosity, add or modify the following line in `/etc/ssh/sshd_config`:\n`LogLevel INFO`\n\nAfter making changes to `sshd_config`, the `sshd` service must be restarted for the changes to take effect. This may temporarily interrupt active SSH sessions."}], "timeline": [{"lang": "en", "time": "2026-01-26T23:14:46.617Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:47:15.531Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh), Jun Xu, Kang Yang, and Yunhang Zhang for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-11T14:56:45.344Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-0966"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:52:22.819171Z", "id": "CVE-2026-0966", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:01:45.907Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0968", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:55:14.053Z", "datePublished": "2026-03-26T20:06:29.554Z", "dateUpdated": "2026-04-11T14:51:51.891Z"}, "containers": {"cna": {"title": "Libssh: libssh: denial of service due to malformed sftp message", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0968", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982", "name": "RHBZ#2436982", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"}], "datePublic": "2026-02-10T18:46:58.858Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "timeline": [{"lang": "en", "time": "2026-02-04T23:46:17.534Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:46:58.858Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh) and nevv (CTyun Red-Shield Security Lab) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-11T14:51:51.891Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-0968"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T20:21:00.402985Z", "id": "CVE-2026-0968", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:21:08.780Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0967", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:55:01.348Z", "datePublished": "2026-03-26T20:06:30.707Z", "dateUpdated": "2026-04-11T14:51:43.159Z"}, "containers": {"cna": {"title": "Libssh: libssh: denial of service via inefficient regular expression processing", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0967", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981", "name": "RHBZ#2436981", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"}], "datePublic": "2026-02-10T18:47:09.215Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1333: Inefficient Regular Expression Complexity", "workarounds": [{"lang": "en", "value": "Avoid using complex patterns in configuration files and known_hosts."}], "timeline": [{"lang": "en", "time": "2026-02-04T23:43:23.869Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:47:09.215Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-11T14:51:43.159Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-0967"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T13:36:27.743421Z", "id": "CVE-2026-0967", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:56:05.036Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0965", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:54:51.315Z", "datePublished": "2026-03-26T20:06:33.336Z", "dateUpdated": "2026-04-11T14:51:43.182Z"}, "containers": {"cna": {"title": "Libssh: libssh: denial of service via improper configuration file handling", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0965", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980", "name": "RHBZ#2436980", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-02-10T18:47:22.524Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-73: External Control of File Name or Path", "workarounds": [{"lang": "en", "value": "Ensure the client and server are using only regular files as configuration."}], "timeline": [{"lang": "en", "time": "2026-02-04T23:40:45.160Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:47:22.524Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-11T14:51:43.182Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-0965"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T11:31:36.431851Z", "id": "CVE-2026-0965", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:31:45.667Z"}}]}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0964", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:54:31.925Z", "datePublished": "2026-03-26T20:06:28.871Z", "dateUpdated": "2026-04-11T14:51:43.325Z"}, "containers": {"cna": {"title": "Libssh: improper sanitation of paths received from scp servers", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0964", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979", "name": "RHBZ#2436979", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"}], "datePublic": "2026-02-10T18:44:42.346Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "workarounds": [{"lang": "en", "value": "Do not use SCP! SCP is deprecated for several years and will\nbe removed in future releases!\n\nIf you have to, the application MUST validate the path returned\nfrom `ssh_scp_request_get_filename()` is the path the application\nrequested. The libssh does not do any writing in this case."}], "timeline": [{"lang": "en", "time": "2026-02-04T23:37:53.443Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:44:42.346Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank CTyun (Red-Shield Security Lab) and Jakub Jelen (libssh) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-11T14:51:43.325Z"}, "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-0964"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T20:30:10.238699Z", "id": "CVE-2026-0964", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T20:30:22.993Z"}}]}}, {"modified": "2026-04-11T14:19:01Z", "published": "2026-04-11T14:18:43Z", "schema_version": "1.7.4", "id": "MAL-2026-2556", "summary": "Malicious code in api-analysis (PyPI)", "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (8ba11f1706dc7e5b86a76316bf4f8dbd6e7486d8ad8da568a6e6075ca8d0d75f)\nDuring installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap.\n\nThe campaign is built over a malicious Roblox API wrapper. The roboat[.]pro domain advertises a wrapper that is either directly malicious (as roboat collected in the campaign 2026-03-rowrap) or uses a malicious dependencies (like roboat-utils). New versions are published simultaneously with malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat referencing two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-roboat-addition\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - Downloads and executes a remote executable.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - malware\n\n\n - clones-real-package\n", "affected": [{"package": {"ecosystem": "PyPI", "name": "api-analysis"}, "versions": ["0.0.8"]}], "references": [{"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/9f14d239ab8f1289bc7aedeb67d3d72b467ee6c11b201890ab14c5c4f7c175d2/detection"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/48b108261d5de97a42eff81cf1a60a32286f72bf8b5f130959e0daa86b783608"}, {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/ef20289b52ab23ec23c5ff885a2293523ce8456fb00e3d67f1b084c28f7d282a/detection"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/blob/331166c8ea3bd080f08fe6d571202e3b47017ed7/README.md#L31"}, {"type": "WEB", "url": "https://github.com/Addi9000/roboat/commit/331166c8ea3bd080f08fe6d571202e3b47017ed7"}, {"type": "WEB", "url": "https://github.com/Addi9000"}, {"type": "WEB", "url": "https://github.com/RoCruise"}, {"type": "WEB", "url": "https://www.roboat.pro/"}, {"type": "WEB", "url": "https://bad-packages.kam193.eu/pypi/package/api-analysis"}], "credits": [{"name": "Kamil Ma\u0144kowski (kam193)", "type": "ANALYST", "contact": ["https://github.com/kam193", "https://bad-packages.kam193.eu/"]}], "database_specific": {"iocs": {"domains": ["jolly-violet-def9.staraledreamer.workers.dev", "holy-sun-41ff.staraledreamer.workers.dev", "spring-math-9df3.aledreamsaledreams2.workers.dev"], "urls": ["https://jolly-violet-def9.staraledreamer.workers.dev/DDDD.exe", "https://holy-sun-41ff.staraledreamer.workers.dev/gore.vbs", "https://github.com/betonme27/flies/releases/download/a/s22s.zhr", "https://dawn-thunder-f821.staraledreamer.workers.dev/gore.vbs", "https://green-shadow-38d7.aledreamsaledreams2.workers.dev/tree.vbs", "https://spring-math-9df3.aledreamsaledreams2.workers.dev/winre.bat", "https://github.com/aledreamsaledreqms-source/frakenstein/raw/refs/heads/main/tree.vbs", "https://lingering-field-4351.aledreamer1234.workers.dev/yy.bat"]}, "malicious-packages-origins": [{"id": "pypi/2026-03-roboat-addition/api-analysis", "import_time": "2026-04-11T14:46:50.836338055Z", "modified_time": "2026-04-11T14:19:01.446528Z", "sha256": "8ba11f1706dc7e5b86a76316bf4f8dbd6e7486d8ad8da568a6e6075ca8d0d75f", "source": "kam193", "versions": ["0.0.8"]}]}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "mal-2026-2556"}]}}}]