38288 matches found
BELL-CVE-2026-46023
Bulletin has no description...
SUSE CVE-2026-45963
In the Linux kernel, the following vulnerability has been resolved: ASoC: nau8821: Cancel delayed work on component remove. Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when it is eventually scheduled for execution: 1984.896308 BUG: unable to...
CVE-2026-45874
A flaw was found in the Linux kernel, within the phy: freescale: imx8qm-hsio component. This vulnerability occurs when a specific pointer, refclk_pad, is not properly initialized and is later used without validation. This can lead to a NULL pointer dereference, which may cause the system to crash...
CVE-2026-45908
A flaw was found in the Linux kernel's accel/amdxdna component. The amdxdna_ubuf_map function allocates memory for scatter-gather (SG) and internal SG table structures. However, it fails to free this allocated memory if subsequent operations, such as sg_alloc_table_from_pages or dma_map_sgtable, encounter ...
CVE-2026-45924
A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because ksmbd_vfs_kern_path_end_removing is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system...
Responsive FileManager security vulnerability
Responsive FileManager is a free, open-source file manager developed by Alberto Peripolli. Version 9.14.0 of Responsive FileManager contains a security vulnerability. This vulnerability stems from issues with the force_download.php component, which could allow remote attackers to execute arbitrary...
PT-2026-44508
Name of the Vulnerable Software and Affected Versions: Oracle REST Data Services versions 24.2.0 through 26.1.0. Description: An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to unauthorized acces...
PT-2026-44507
Name of the Vulnerable Software and Affected Versions: Oracle REST Data Services versions 24.2.0 through 26.1.0. Description: An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...
Oracle REST Data Services security vulnerability
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
PT-2026-44530
Name of the Vulnerable Software and Affected Versions: Oracle REST Data Services versions 24.2.0 through 26.1.0. Description: An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Successful exploitation can result in a complete...
CVE-2026-37579
An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...
PT-2026-44656
Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.216. Description: A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...
CVE-2026-37266
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component...
Oracle REST Data Services security vulnerability
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
PT-2026-44598
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.216. Description: An out of bounds read and write issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique...
CVE-2026-45982
A flaw was found in the Linux kernel. A NULL pointer dereference in the acpi_ev_address_space_dispatch function could allow a local attacker to cause a denial of service (DoS) by triggering a missed execution path. This vulnerability arises from an incomplete check in the Advanced Configuration and Pow...
CVE-2026-45986
A flaw was found in the Linux kernel's cryptographic module, specifically within the cc_mac_digest function of the ccree component. This vulnerability is a memory leak that occurs when a specific mapping operation fails to release allocated memory. Over time, this unreleased memory could lead to a...
CVE-2026-46000
A flaw was found in the Linux kernel's rxrpc component. Security operations that decrypt RESPONSE packets in place may share the socket buffer (skbuff) with a packet sniffer. This could allow a local attacker or an attacker with network access to intercept and view decrypted portions of these...
CVE-2026-44831
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1...
CVE-2026-44451
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator...