PT-2026-39648

Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description The extract name function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS...

Unity Linux 20.1070e Security Update: varnish (UTSA-2026-017377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017377 advisory. In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before...

CVE-2026-7944

An insufficient validation of untrusted input flaw was found in the Persistent Cache component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495783187...

CLSA-2026-1778252773 squid: Fix of CVE-2022-41317

CVE-2022-41317: fix exposure of sensitive cache manager information via non-HTTP URI schemes due to typo in default manager ACL regex...

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

Exposure of Resource to Wrong Sphere

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of Redis cache keys for toolservers and terminalservers when multiple instances share a Redis backend. An attacker can overwrite or inject malicious tool...

GHSA-3X8W-4F7P-XXC2 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag Technical Analysis CVE-2026-43284 xfrm-ESP / C...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag — kernel page-cache write tracking site Patch-stat...

EUVD-2026-27131

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth...

GHSA-QXHC-WX3P-2WMG @fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

In this article 1. Why Dirty Frag matters 2. Technical overview 3. Exploitation scenarios 4. Mitigation guidance 5. Post-mitigation integrity verification 6. References A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 - Exploit de Escalada de Privilegios en Linux...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43447 iavf: fix PTP use-after-free during reset

In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f "iavf: periodically cache PHC time" introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race condition where...

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

DIRTYFAIL A unified detector and PoC harness for the Copy...

Exploit for Write-what-where Condition in Linux Linux_Kernel

DIRTY FRAG Detection with Wazuh 4.14.4 - CVE-2026-43284 / CVE-...