BIT-KYVERNO-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

CLSA-2026-1777321102 Fix CVE(s): CVE-2022-26923, CVE-2022-32743

SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name write right, allowing an unprivileged authenticated user with machine account write access e.g. SeMachineAccountPrivilege to set the dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS requirement that it matc...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an issue with the order of calls to the edacmcalloc function in the EDAC/mc component. This issue may le...

sendportal 授权问题漏洞

SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter invitation in the destroy function of the Invitation Handler component...

nvme: fix admin queue leak on controller reset

...

ShowDoc has an Injection vulnerability

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979

Affects devlikeapro WAHA up to 2026.3.4; vulnerable in the API Request Handler function src/api/media.controller.ts, enabling server-side request forgery. Attackable remotely; exploit published. Vendor unresponsive. No remediation details provided in the documents.

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

EUVD-2026-25655

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

BIT-ARGO-WORKFLOWS-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

[SECURITY] Fedora 44 Update: qt6-qtserialbus-6.10.3-1.fc44

Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...

SUSE CVE-2026-31560

In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...

SUSE CVE-2026-31651

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data on disconnect to avoid NULL-pointer dereferences or use-after-free...

WAHA 代码问题漏洞

WAHA is an open-source WhatsApp HTTP API service tool developed by devlikeapro. Versions of WAHA prior to 2026.3.4 contained code vulnerabilities. These vulnerabilities stemmed from unknown features in the component’s API Request Handler, specifically in the file src/api/media.controller.ts, whic...

PT-2026-35149

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...