8500 matches found

GithubExploit
added 2026/05/06 4:27 a.m. | 83 views

Exploit for CVE-2026-33324

CVE-2026-33324 Overview SQLBot, a sophisticated Text-to-S...

9.4 CVSS | 6.1 AI score | 0.00603 EPSS
Exploits: 2
SUSE CVE
added 2026/05/06 1:41 a.m. | 4 views

SUSE CVE-2026-43039

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch. emac_dispatch_skb_zc allocates a new skb via napi_alloc_skb but never copies the packet data from the XDP buffer into it. The skb is passed up the stack...

9.8 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2026/05/06 1:40 a.m. | 5 views

SUSE CVE-2026-43050

In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sock_def_readable. A race condition exists between lec_atm_close setting priv->lecd to NULL and concurrent access to priv->lecd in send_to_lecd, lec_handle_bridge, and lec_atm_send. When the socket is freed via...

7 CVSS | 5.8 AI score | 0.00119 EPSS
Exploits: 0 | References: 22
SUSE CVE
added 2026/05/06 1:40 a.m. | 7 views

SUSE CVE-2026-43073

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

6.3 CVSS | 5.7 AI score | 0.00117 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-37554

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the KVM x86 component where reading PDPTR registers in the get sregs2 function lacks proper SRCU read-side protection. Reading PDPTRs can trigger access to guest memor...

7.8 CVSS | 5.7 AI score | 0.00139 EPSS
Exploits: 0 | References: 42
CNNVD
added 2026/05/06 12:0 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that xfrm_policy_fini does not wait for the RCU reader to complete before releasing the...

7.8 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-37401

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the xfrm component where the xfrm policy fini function frees the policy bydst hash tables after flushing policy work items and deleting policies without waiting for...

7.8 CVSS | 5.5 AI score | 0.00128 EPSS
Exploits: 0 | References: 90
Tenable Nessus
added 2026/05/06 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - xfrm: Wait for RCU readers during policy netns exit. xfrm_policy_fini frees the policy_bydst hash tables after flushing the policy work items and deleting all...

7.8 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/05/06 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - xsk: validate MTU against usable frame size on bind. AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into t...

5.5 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/05/06 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - srcu: Use irq_work to start GP in tiny SRCU. Tiny SRCU's srcu_gp_start_if_needed directly calls schedule_work, which acquires the workqueue pool->lock. This causes a...

5.5 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/05/06 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ocfs2: fix out-of-bounds write in ocfs2_write_end_inline. KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_inline, called from ocfs2_write_end_nolock...

7.8 CVSS | 5.9 AI score | 0.00126 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/05/06 12:0 a.m. | 7 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks (CVE-2019-11251) - kubernetes: YAML parsing vulnerable to...

7.5 CVSS | 6.8 AI score | 0.25939 EPSS
Exploits: 2 | References: 6
Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37384

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A Use-After-Free (UAF) issue exists in the Linux kernel where the ep free function in eventpoll.c may release the epi->ep eventpoll structure while it is still being accessed by another...

7.8 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 18
Tenable Nessus
added 2026/05/06 12:0 a.m. | 8 views

RHCOS 4 : OpenShift Container Platform 4.1 openshift (RHSA-2019:3266)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3266 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks (CVE-2019-11251). Note that Nessus has not tested for this issue bu...

5.7 CVSS | 6.8 AI score | 0.02308 EPSS
Exploits: 0 | References: 5
NVD
added 2026/05/05 8:16 p.m. | 4 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.8 CVSS | 0.00174 EPSS
Exploits: 1 | References: 1
NVD
added 2026/05/05 8:16 p.m. | 7 views

CVE-2026-33324

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4 CVSS | 0.00603 EPSS
Exploits: 2 | References: 1
OSV
added 2026/05/05 7:40 p.m. | 5 views

CLSA-2026-1777995474 binutils: Fix of CVE-2025-7545

CVE-2025-7545: fix heap buffer overflow in objcopy copy_section...

7.8 CVSS | 6.2 AI score | 0.00254 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/05 7:30 p.m. | 8 views

CVE-2026-34462

Sandboxie-Plus (Windows) versions ≤ 1.17.2 are affected by a stack-based overflow in ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler due to copying a WCHAR boxname[34] into a WCHAR[40] buffer with wcscpy without verifying termination. The service pipe allows conn...

7.8 CVSS | 6.2 AI score | 0.00174 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/05 7:30 p.m. | 21 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.3 CVSS | 0.00174 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/05/05 7:30 p.m. | 5 views

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.3 CVSS | 6.2 AI score | 0.00174 EPSS
Exploits: 1 | References: 1