Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel/uncore: Skip discovery table for offline dies
This warning can be triggered if NUMA is disabled and the system
boots with fewer CPUs than the number of CPUs in die 0.
WARNING: CPU: 9 PID: 7257 at uncore.c:1157 uncore_pci_pmu_register+0x136/0x160 [intel_uncore]
Currently, the discovery table continues to be parsed even if all CPUs
in the associated die are offline. This can lead to an array overflow
at "pmu->boxes[die] = box" in uncore_pci_pmu_register(), which may
trigger the warning above or cause other issues.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-05-06
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.
CVSS Score
6.6
EPSS Score
0.001
Published
2026-05-06
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-05-06
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-05-06
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-05-06
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-05-06
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-06
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-06
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-06
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-06