CVE-2026-43158 xfs: fix freemap adjustments when adding xattrs to leaf blocks

In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block freemap adjustment code after 20 minutes of running on my test VMs: ASSERTichdr-firstused = ichdr-count...

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...

CVE-2026-43086 ipvs: fix NULL deref in ip_vs_add_service error path

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...

CVE-2026-43086

CVE-2026-43086 concerns the Linux kernel IPVS component. The vulnerability occurs in the error path of ip_vs_add_service when ip_vs_bind_scheduler() has succeeded and the local variable sched is set to NULL; if ip_vs_start_estimator() then fails, ip_vs_unbind_scheduler(svc, sched) is invoked with...

CVE-2026-43086

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...

CVE-2026-43086

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...

CVE-2026-36358

CVE-2026-36358 is a Cross Site Scripting vulnerability in Juzaweb CMS v5.0.0. The issue allows a remote attacker to execute arbitrary code via a crafted script submitted to the Add Banner Ads function. Connected documents confirm the same description across NVD, CVE List, and related feeds; no ex...

Juzaweb CMS 跨站脚本漏洞

Juzaweb CMS is a content management system developed by Juzaweb’s individual developers, based on the Laravel framework and web platform. Version 5.0.0 of Juzaweb CMS has a cross-site scripting vulnerability. This vulnerability stems from the Add Banner Ads feature, which contains cross-site...

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

PT-2026-37447

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the most register interface function. The function fails to correctly release resources when an error occurs before the device is registered, resulting in the...

PT-2026-37629

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

PT-2026-37536

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the pruss clk mux setup function. The devm add action or reset function indirectly triggers pruss of free clk provider, which executes of node putclk mux np...

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the addpackage function. An attacker can write files outside the intended download directory by submitting specially crafted folder...

PyLoad Vulnerable to Path Traversal via Package Folder Name

Insufficient sanitization of package folder names allows writing files outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: addpackage Description Package folder names are sanitized using insufficient string replacement: python folder =...

Incorrect Authorization

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Incorrect Authorization via the Authentication endpoint functions, including getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and...

CVE-2026-6994

A flaw was found in Envoy. A remote attacker could exploit a weakness in the Query Parameter Handler component, specifically within the params.add function. This vulnerability allows for injection, which may lead to limited impacts on the confidentiality, integrity, and availability of the affect...

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...