19073 matches found

CNNVD
added 2026/05/27 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the cdns3 USB driver’s role switching during recovery. During this process, the resume...

AI score 5.8, EPSS 0.00205
Exploits 0, References 7

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43778

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A NULL pointer dereference occurs in the cdns3 driver when a role switch to host mode happens during the system resume process. The start operation of the host role registers a xhci-hcd...

AI score 5.4, EPSS 0.00205
Exploits 0, References 16

CNNVD
added 2026/05/27 12:0 a.m., 8 views

IBM Controller trust management issue vulnerability

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines (IBM). Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

CVSS 8.8, AI score 5.9, EPSS 0.0019
Exploits 0, References 2

CNNVD
added 2026/05/27 12:0 a.m., 29 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in the spisetup function during spi device registration, resulting in the controller...

AI score 5.8, EPSS 0.00168
Exploits 0, References 5

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-44013

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f
Description: The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...

CVSS 8.8, AI score 5.9, EPSS 0.00299
Exploits 0, References 4

Positive Technologies
added 2026/05/27 12:0 a.m., 11 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0
Description: The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

CVSS 7.5, AI score 5.9, EPSS 0.00301
Exploits 0, References 4

CNNVD
added 2026/05/27 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the spi imx controller is not properly referenced when unbinding, potentially leadi...

AI score 5.8, EPSS 0.00125
Exploits 0, References 5

Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-43863

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue exists in the SPI subsystem of the Linux kernel. The subsystem frees the controller and any allocated driver data during deregistration, unless the allocation is...

CVSS 9.8, AI score 5.8, EPSS 0.01582
Exploits 12, References 282

Tenable Nessus
added 2026/05/27 12:0 a.m., 24 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

CVSS 9.8, AI score 6.2, EPSS 0.02803
Exploits 7, References 7

Vulnrichment
added 2026/05/26 8:15 p.m., 6 views

CVE-2026-9580 JeecgBoot selectDepart LoginController.selectDepart access control

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

CVSS 7.5, AI score 6.7, EPSS 0.00291
Exploits 0, References 7

RedHat Linux
added 2026/05/26 6:6 a.m., 8 views

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network (CAN) raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

CVSS 7.8, AI score 5.8, EPSS 0.00124
Exploits 0, References 5

CVE
added 2026/05/26 12:30 a.m., 14 views

CVE-2026-9518

The vulnerability CVE-2026-9518 affects hemant6488’s CodeIgniter-StudentManagementSystem, specifically the Students Controller function addStudent in view_students.php. The issue is cross site scripting caused by manipulating the Name argument, enabling remote exploitation. Documents indicate the...

CVSS 5.3, AI score 4.2, EPSS 0.00336
Exploits 0, References 5

CNNVD
added 2026/05/26 12:0 a.m., 9 views

Student Management System code injection vulnerability

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...

CVSS 5.3, AI score 5.7, EPSS 0.00336
Exploits 0, References 6

CNNVD
added 2026/05/26 12:0 a.m., 7 views

kavita access control error vulnerability

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

CVSS 6.9, AI score 5.8, EPSS 0.00281
Exploits 0, References 2

CNNVD
added 2026/05/26 12:0 a.m., 7 views

Snipe-IT security vulnerability

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

CVSS 8.8, AI score 5.8, EPSS 0.00314
Exploits 0, References 3

UbuntuCve
added 2026/05/26 12:0 a.m., 6 views

CVE-2026-3238

Denial of service against AD DC WINS server...

AI score 5.8, EPSS 0.02803
Exploits 0, References 2

OSV
added 2026/05/26 12:0 a.m., 5 views

UBUNTU-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

CVSS 7.5, AI score 5.3, EPSS 0.02803
Exploits 0, References 4

Packet Storm News
added 2026/05/25 12:0 a.m., 9 views

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

AI score 5.8
Exploits 0

Wolfi
added 2026/05/22 7:48 p.m., 21 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: kargo, syft, datadog-agent, cluster-api-helm-controller, docker-cli-buildx, headlamp, helm, linkerd2, zarf, opa-envoy, k9s, rancher, tigera-operator, helm-set-status, gatekeeper, grype, kubescape-operator, eksctl, dagger, xeol, kubevela, trivy-operator, docker,...

AI score 5.8, EPSS 0.00019
Exploits 1

Wolfi
added 2026/05/22 7:48 p.m., 22 views

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: kargo, syft, datadog-agent, cluster-api-helm-controller, docker-cli-buildx, headlamp, helm, linkerd2, zarf, opa-envoy, k9s, rancher, tigera-operator, helm-set-status, gatekeeper, grype, kubescape-operator, eksctl, dagger, xeol, kubevela, trivy-operator, docker,...

AI score 5.8
Exploits 0