CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions()

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...

CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

CVE-2026-53036

The CVE-2026-53036 issue concerns the Linux kernel BPF JIT on ARM64. check_imm(bits, imm) erroneously allowed a signed N-bit range of [-2^N, 2^N), effectively giving an (N+1)-bit range, which permits values in [2^18, 2^19) for imm19 (and similarly for imm26) to slip through. This caused potential...

CVE-2026-52998

CVE-2026-52998 affects the Linux kernel’s netfilter nfnetlink_osf module. The nf_osf_ttl() function can dereference a device pointer (skb->dev) without validating the device, risking a NULL dereference. The patch removes the device dereference and the in_dev_for_each_ifa_rcu loop used to match...

CVE-2026-52969

In the provided documents, CVE-2026-52969 affects the Linux kernel KVM path for dirty-page tracking. The vulnerability arises in kvm_reset_dirty_gfn(), where an unchecked 64-bit offset can wrap and bypass the range check, allowing a mismatch between slot/offset data and the gfn bounds via the MAP...

CVE-2026-52952

Summary: CVE-2026-52952 affects the Linux kernel IOMMU subsystem. A race occurs during device recovery when multiple memory domains are attached concurrently, which can trigger a Use-After-Free (UAF) due to concurrent domain detachment and re-attachment in a multi-device group sharing the same RI...

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

EUVD-2026-38788

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2026-57307

CVE-2026-57307 describes a vulnerability in the Jenkins Zowe zDevOps Plugin (1.1.3.50.ve350c9b_450b_1 and earlier) where a missing permission check allows users with Overall/Read to initiate connections to attacker-specified URLs using attacker-specified credentials IDs. This can lead to credenti...

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

EUVD-2026-38785

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

EUVD-2026-38781

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

EUVD-2026-38780

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...