CVE-2026-31594

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...

CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

CVE-2026-31587

Summary (based on provided sources): CVE-2026-31587 affects the Linux kernel ASoC qcom q6apm component. The issue arises when the q6apm registers DAIs dynamically from ASoC topology using device-managed APIs for both the component and the DAIs, which can lead to an incorrect free ordering and a u...

CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

GHSA-PR66-WHQJ-RQ5P Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the work item “pmsrfreewk” is not canceled in the cfg80211 component. This...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper use of component registration management versions in ASoC qcom q6apm. This vulnerability may...

virt:kvm_utils3 bug fix update

hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 1.3.18-22.el8 - Resolves: bz2000225 Rebase virt:rhel module:stream based on AV-8.6 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade...

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20612-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20612-1 advisory. - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

CVE-2026-31051

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component...

PT-2026-34961

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the SMB client. The function smbd send batch flush already invokes smbd free send io, leading to a second call to smbd free send io after smbd post send mov...

PT-2026-34939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASoC qcom q6apm component where dais are registered dynamically from ASoC topology using device managed APIs. When both the component and dynamic dais use managed...

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

EUVD-2026-25288

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

SUSE-SU-2026:21411-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issue: - CVE-2026-5201: improper validation of color component counts when processing a specially crafted JPEG image can lead to a heap buffer overflow bsc1261210...