SUSE CVE-2025-38344

In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...

SUSE CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in AppArmor where the counter for each CPU’s cache holdings does not check for...

PT-2026-44160

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

CVE-2026-45899

ext4: drop extent cache when splitting extent fails...

PT-2026-43784

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep dest dst if dev is going down There is race between the netdev notifier ip vs dst event and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handle...

PT-2026-43759

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIAL VALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4 split extent with the EXT4 EXT MAY ZEROOUT and EXT4 EXT DATA VALID2 flags set, i...

WordPress plugin LiteSpeed Cache 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the dst cache and network devices when they are disabled in IPVS,...

PT-2026-43919

In the Linux kernel, the following vulnerability has been resolved: ceph: only d add negative dentries when they are unhashed Ceph can call d adddentry, NULL on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. d add goes through d add to d...

PT-2026-43729

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before i...

Linux Distros Unpatched Vulnerability : CVE-2026-45917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. ...

PT-2026-44142

Description SymfonyComponentCacheAdapterPdoAdapter is the PDO-backed cache adapter. Its clear$prefix method inherited from AbstractAdapterTrait is documented to delete cache items whose key starts with $prefix. In the non-versioning code path, the caller-supplied $prefix is concatenated into...

claude-code-cache-fix 代码注入漏洞

claude-code-cache-fix is a caching optimization tool developed by Chris Nighswonger. Versions 3.5.0 to 3.5.2 of claude-code-cache-fix had a code injection vulnerability. This vulnerability stemmed from the use of tools/quota-statusline.sh, which directly inserted the hook’s standard input payload...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility that the DMA transfer buffer in the powerz driver and the subsequent mutex may...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of CPU cache flushing before writing PASID table addresses to the PASID directory entries. Thi...

VulnCheck KEV: CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

PT-2026-43546

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify ccss and /wp-json/litespeed/v1/notify ucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback...

PT-2026-43766

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...