Exploit for Write-what-where Condition in Linux Linux_Kernel

CVE-2026-43284 xfrm/ESP page cache write exploit, 4 byte primit...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 - Linux Kernel AFALG "Copy Fail" Local Privile...

Improper Access Control

kcp is vulnerable to Improper Access Control. The vulnerability is due to the cache server being exposed without authentication or authorization controls, which allows an attacker to read from and write to the cache server if they can access the root shard...

curl: SSL session-cache peer key omits signature_algorithms: strict-sigalg handle silently resumes a permissive sibling's session

CURLOPTSSLSIGNATUREALGORITHMS policy bypass: SSL session cache key omits sigalgs, allowing a strict-sigalg handle to resume a session negotiated under a permissive policy AI disclosure This report was prepared with the assistance of an AI coding assistant Claude. The behavioral diff pre/post patc...

SUSE CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

disclosures

Delphos Labs - Vulnerability Disclosures Public vulnerability...

EUVD-2026-30656

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail — CVE-2026-31431 4-byte page-cache write primitive →...

CVE-2026-44552 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

CVE-2026-44552

CVE-2026-44552 affects Open WebUI. Before 0.9.0, tool_servers and terminal_servers keys in Redis were unprefixed, so when multiple instances share a Redis backend they can collide, allowing an admin on one instance to poison another’s cache and have users interact with attacker-controlled tool co...

CVE-2026-44553

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

EUVD-2026-30615

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

DirtyFrag-Linux-Kernel-Local-Privilege-Escalation-Educational-Mirror-

Dirty Frag: Universal Linux LPE Abstract !tuxasse...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

SUSE-SU-2026:21782-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. - CVE-2026-46300: net: skbuff: propagate shared-frag marker throu...

CVE-2026-45773 Turborepo: Login callback CSRF/session fixation

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

SUSE-SU-2026:21749-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. - CVE-2026-46300: net: skbuff: propagate shared-frag marker throu...

UBUNTU-CVE-2026-46333

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...