CVE-2026-23187

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

CVE-2026-23187 pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

UBUNTU-CVE-2026-23166

In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in icevsisetnapiqueues Add NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...

EUVD-2026-5872

In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in icevsisetnapiqueues Add NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...

CVE-2026-23166

CVE-2026-23166 pertains to the Linux kernel ice driver. The issue arises from a NULL dereference in ice_vsi_set_napi_queues when rings[q_idx]->q_vector is NULL during resume from suspend. The fix adds NULL pointer checks for both the ring pointer and its q_vector in ice_vsi_set_napi_queues, en...

CVE-2026-23166 ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues

In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in icevsisetnapiqueues Add NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...

CVE-2026-23167

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been destroyed before nciclosedevice was called via rfkill. ncidev.cmdwq is...

CVE-2025-71200

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...

CVE-2025-71200

The CVE-2025-71200 entry describes a Linux kernel vulnerability in mmc: sdhci-of-dwcmshc where in HS200/HS400 timing modes lowering the clock below 52MHz could break the link due to the Rockchip DWC MSHC controller requiring a 52MHz minimum. The fix adds a check to prevent illegal clock reduction...

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by improper settings of the rst and clk masks for 8mq vpu in pmdomain imx8m-blk-ctrl, which may lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-23197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the...

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

CVE-2025-9292

CVE-2025-9292 affects TP-Link Omada Cloud Controller. A permissive web security configuration may bypass cross-origin restrictions in certain conditions, enabling potential unauthorized disclosure of sensitive data. Exploitation requires an existing client-side injection vulnerability and access ...

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

CVE-2025-69633

CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...