
3760 matches found

OSV
added 2026/05/07 10:16 p.m. | 4 views

UBUNTU-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow check_str='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2026/05/07 2:17 a.m. | 5 views

SUSE CVE-2026-43186

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data(). On the receive path, __ioam6_fill_trace_data() uses trace->nodelen to decide how much data to write for each node. It trusts this field as-is from the incoming packet, with no...

5.9 AI score | 0.00181 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/05/06 11:27 a.m. | 22 views

CVE-2026-43186 ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data(). On the receive path, __ioam6_fill_trace_data() uses trace->nodelen to decide how much data to write for each node. It trusts this field as-is from the incoming packet, with no...

9.8 CVSS | 0.00181 EPSS
Exploits: 0 | References: 7
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in fig2dev

An issue was discovered in fig2dev prior to 3.2.8. A NULL pointer dereference exists in the function compute_closed_spline located in trans_spline.c. This allows an attacker to cause a Denial of Service attack. The fixed version of fig2dev is 3.2.8...

5.5 CVSS | 6.7 AI score | 0.00108 EPSS
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fixed null pointer dereferencing. The function compute_intercept_slope is called from calibrate_8960 in tsens-8960.c. This call involves parameters priv, p1, NULL, and ONE_PT_CALIB, which can lead to a null...

5.5 CVSS | 6.2 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/port: Fixed the issue where parent_port was used after freeing it in cxl_detach_ep. The cxl_detach_ep function is called during the bottom-up removal process, when all CXL memory devices beneath a switch port have been removed...

7.8 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the KASAN use-after-free situation in compute_effective_progs. Syzbot identified a use-after-free bug in the compute_effective_progs function. The reproducer creates several BPF links, causing a failure in the injected...

7.8 CVSS | 6.1 AI score | 0.00064 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/01 12:0 a.m. | 26 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

7.9 CVSS | 0.00018 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/05/01 12:0 a.m. | 3 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/22 1:54 p.m. | 25 views

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep(). cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port a...

0.00018 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/22 7:45 a.m. | 4 views

CVE-2026-4139

The CVE-2026-4139 case concerns the WordPress mCatFilter plugin (versions

4.3 CVSS | 5.7 AI score | 0.00007 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34296

Name of the Vulnerable Software and Affected Versions: mCatFilter versions prior to 0.5.3. Description: The mCatFilter plugin for WordPress is susceptible to Cross-Site Request Forgery. The compute post function, which processes settings updates, lacks nonce verification and capability checks. This...

4.3 CVSS | 5.7 AI score | 0.00007 EPSS
Exploits: 0 | References: 10
Tenable Nessus
added 2026/04/21 12:0 a.m. | 0 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011098 advisory. In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter(). If device_register() fails in...

5.5 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 0 | References: 4
Chainguard
added 2026/04/17 1:17 a.m. | 3 views

GHSA-P3P7-9H4W-JQW2 vulnerabilities

Vulnerabilities for packages: nvidia-nsight-compute-13.2...

5.8 AI score
Exploits: 0
Chainguard
added 2026/04/17 1:17 a.m. | 4 views

CVE-2025-22873 vulnerabilities

Vulnerabilities for packages: nvidia-nsight-compute-13.2...

3.8 CVSS | 7.3 AI score | 0.00003 EPSS
Exploits: 0
RedhatCVE
added 2026/04/15 7:23 p.m. | 1 views

CVE-2026-32184

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 6.2 AI score | 0.00499 EPSS
Exploits: 0 | References: 1
NCSC
added 2026/04/14 7:23 p.m. | 3 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

8.8 CVSS | 5.8 AI score | 0.00499 EPSS
Exploits: 0
EUVD
added 2026/04/14 6:30 p.m. | 0 views

EUVD-2026-22565

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 5.7 AI score | 0.00499 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/14 4:57 p.m. | 8 views

CVE-2026-32184

CVE-2026-32184 concerns Microsoft High Performance Compute (HPC) Pack with an Elevation of Privilege vulnerability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 7.8 (HIGH) where the attacker requires local access, low attack complexity and low privileges, with ...

7.8 CVSS | 5.7 AI score | 0.00499 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/04/14 12:0 a.m. | 2 views

Microsoft High Performance Compute Pack code issue vulnerability

Microsoft High Performance Compute Pack is a high-performance computing solution provided by Microsoft Corporation in the United States. It is primarily used for creating and managing high-performance computing clusters. There are code-related vulnerabilities in the Microsoft High Performance...

7.8 CVSS | 5.8 AI score | 0.00499 EPSS
Exploits: 0 | References: 1